Access List
Hi,
I have a Dell PowerConnect 6224 switch. I created two VLANs on it, VLAN 5 and VLAN 10.
The IP address given to VLAN 5 is 172.16.0.35, 255.255.255.0.
The IP address given to VLAN 10 is 192.168.20.1, 255.255.255.0.
Routing is enabled on both VLANs, and they can ping each other.
VLAN 5 is directly connected to another Dell PowerConnect 6224 switch with the IP address 172.16.0.34 255.255.255.0. An FTP server with the IP address 172.16.0.1 255.255.255.0 is connected to that switch.
VLAN 10 is connected to my 3 servers with IP addresses 192.168.20.10/11/12.
All are pinging each other.
I am implementing the access list on my switch.
Now I am trying to put the access list on my switch so that the FTP server can access only my single host, 192.168.20.10. It should not access the whole network.
So I entered this command, but it is not working. I don't know where I am wrong.
access-list permit permit ip 192.168.20.10 0.0.0.0 172.16.0.1 0.0.0.0
deny ip any any
I am deploying this list on VLAN 10.
After this, the FTP server can only ping 192.168.20.1 and 192.168.20.10.
But the problem is that all three of my servers are not able to ping each other or the switch.
Anonymous
5 Practitioner
March 20th, 2014 07:00
The ACLs go down the list of ACEs like a check list, and at the end a deny all is automatically put in.
I suggest putting a permit any after your deny statement. This way if traffic does not meet the first deny ACE it looks at the next ACE which is a permit ACE and will allow the traffic.
duahimanshu
March 20th, 2014 08:00
Hi,
I used these commands:
access-list permit permit 192.168.20.10 0.0.0.0 172.16.0.1 0.0.0.0
access-list permit deny 192.168.20.0 0.0.0.255 172.16.0.0 0.0.255.255
I want to ask: should I use any other command here?
Anonymous
5 Practitioner
March 20th, 2014 08:00
I would add this at the end
access-list permit Permit any any
So traffic not fitting those rules will be permitted.
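Added illustration, not part of any post in this thread: a small Python model of first-match ACL evaluation with wildcard masks and the implicit deny, run over the three rule sets discussed above. It assumes the list is applied inbound on VLAN 10 (so packets are matched on the servers' source addresses) and that it also filters traffic switched within that VLAN; the sample flows are constructed.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones matches every address

def evaluate(acl, src, dst):
    """Return the action of the first matching ACE, else the implicit deny."""
    for action, (sbase, swild), (dbase, dwild) in acl:
        if matches(src, sbase, swild) and matches(dst, dbase, dwild):
            return action
    return "deny"  # implicit deny at the end of every ACL

# Rules taken from the posts above
HOST_RULE = ("permit", ("192.168.20.10", "0.0.0.0"), ("172.16.0.1", "0.0.0.0"))
NET_DENY = ("deny", ("192.168.20.0", "0.0.0.255"), ("172.16.0.0", "0.0.255.255"))

ACLS = {
    "first post": [HOST_RULE, ("deny", ANY, ANY)],
    "second post": [HOST_RULE, NET_DENY],
    "with permit any any": [HOST_RULE, NET_DENY, ("permit", ANY, ANY)],
}

# Constructed sample flows, all sourced from VLAN 10 (assumed inbound ACL)
FLOWS = [
    ("192.168.20.10", "172.16.0.1"),     # allowed host -> FTP server
    ("192.168.20.11", "172.16.0.1"),     # other server -> FTP server
    ("192.168.20.11", "192.168.20.12"),  # server -> server inside VLAN 10
    ("192.168.20.11", "192.168.20.1"),   # server -> switch VLAN 10 address
]

def decisions(name):
    """Actions for every sample flow under the named rule set."""
    return [evaluate(ACLS[name], s, d) for s, d in FLOWS]

if __name__ == "__main__":
    for name in ACLS:
        print(name)
        for (s, d), act in zip(FLOWS, decisions(name)):
            print(f"  {s:>15} -> {d:<15} {act}")
```

The first two rule sets give identical results because the implicit deny catches everything the explicit rules do not; only the trailing permit lets the server-to-server and server-to-switch flows through while the FTP restriction stays in place.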