Thread Case Study Links

ACLS

Access Lists

Deny internet (HTTP) from outside
Permit external Administration Subnets to reach the internal Administration Server           

Sunnyslope(config)# access-list 101 deny tcp any any eq 80
Sunnyslope(config)# access-list 101 permit ip 152.86.64.0 0.0.63.255 152.86.65.11 0.0.0.0
Sunnyslope(config)# access-list 101 deny ip any 152.86.65.11 0.0.0.0
Sunnyslope(config)# access-list 101 permit ip any any
Sunnyslope(config)# interface E1
Sunnyslope(config-if)# ip access-group 101 in
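
The first-match behaviour of access-list 101, checked offline with a small Python evaluator. This is an added example, not part of the original case study; the sample packets, including the outside address 203.0.113.9, are constructed.

```python
import ipaddress

# access-list 101 as entered on the page, router prompt stripped.
ACL_101 = """\
access-list 101 deny tcp any any eq 80
access-list 101 permit ip 152.86.64.0 0.0.63.255 152.86.65.11 0.0.0.0
access-list 101 deny ip any 152.86.65.11 0.0.0.0
access-list 101 permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'address wildcard'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return base, wild

def parse(text):
    """Parse the extended-ACL subset used on this page (any / addr+wildcard / eq)."""
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]                      # drop 'access-list <number>'
        action, proto = t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        port = int(t[1]) if t[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port, line))
    return rules

def _hit(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; every other bit must equal the base.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First match wins; a packet matching no entry hits the implicit deny."""
    for action, rproto, rsrc, rdst, rport, line in rules:
        if rproto in ("ip", proto) and rport in (None, dport) \
                and _hit(src, rsrc) and _hit(dst, rdst):
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = parse(ACL_101)
    # Constructed sample packets: (protocol, source, destination, dest port).
    for pkt in [("tcp", "152.86.70.5", "152.86.65.11", 22),
                ("tcp", "152.86.70.5", "152.86.65.11", 80),
                ("tcp", "203.0.113.9", "152.86.65.11", 22),
                ("tcp", "152.86.128.1", "152.86.65.11", 22)]:
        print(pkt, "->", *evaluate(rules, *pkt))
```

The second packet matches the HTTP deny on the first line before the administration permit is reached, so port 80 is blocked even from the administration subnets.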

 

Permit DNS/Email for all
Permit DHCP for students
Deny students access to admin VLAN

Sunnyslope(config)# access-list 102 permit tcp any 152.86.65.13 0.0.0.0 eq 53
Sunnyslope(config)# access-list 102 permit udp any 152.86.65.13 0.0.0.0 eq 53
Sunnyslope(config)# access-list 102 permit tcp any 152.86.65.13 0.0.0.0 eq 25
Sunnyslope(config)# access-list 102 permit udp 152.86.2.0 0.0.0.255 152.86.65.13 0.0.0.0 eq 67
Sunnyslope(config)# access-list 102 permit udp 152.86.2.0 0.0.0.255 152.86.65.13 0.0.0.0 eq 68
Sunnyslope(config)# access-list 102 deny ip 152.86.180.0 0.0.0.255 152.86.101.0 0.0.0.255
Sunnyslope(config)# access-list 102 permit ip any any
Sunnyslope(config)# interface E0.2
Sunnyslope(config-subif)# ip access-group 102 in

 
