access list

Mary23

I am quite new to this... I would appreciate some help.

I need to configure my wireless access point in such a way that it will be able to access only web services on the 10.99.x.x subnet and no other parts of the private network.
 
Also, if possible, wireless clients should be able to access an ISP at the 172.16.0.1 address.
 
Let's see, off the top of my head, that should be:

access-list 101 permit ip 0.0.0.0 255.255.255.255 10.99.0.0 0.0.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 172.16.0.1 0.0.0.0

That will permit any traffic headed to 10.99.0.0 /16 and 172.16.0.1. Of course, you'll require an access-class... er, no, an access-group to apply it to an interface. Access-class would be for a line.
 
Mary

I would do it this way, as only HTTP traffic was requested for the 10.99.0.0 network:

access-list 101 permit tcp any 10.99.0.0 0.0.255.255 eq www
access-list 101 permit ip any 172.16.0.1 0.0.0.0

Enable the access-list at the interface:

Router(config)#interface fastethernet 0/0
Router(config-if)#ip access-group 101 in
Router(config-if)#end

These 2 permit lines will enable the traffic requested.
Any other traffic will be blocked due to the implicit deny facility.

///doktor
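
The two lists posted in this thread, run through a small first-match evaluator (an added example, not code from either poster). It parses the ACL lines as written and applies wildcard-mask matching plus the implicit deny; the function names and the client address 192.168.1.50 are assumptions made for illustration.

```python
import ipaddress

# Second answer's list (HTTP only to 10.99.0.0/16), as posted in the thread.
ACL_HTTP_ONLY = """\
access-list 101 permit tcp any 10.99.0.0 0.0.255.255 eq www
access-list 101 permit ip any 172.16.0.1 0.0.0.0
"""
# First answer's list (any IP traffic), as posted in the thread.
ACL_ANY_IP = """\
access-list 101 permit ip 0.0.0.0 255.255.255.255 10.99.0.0 0.0.255.255
access-list 101 permit ip 0.0.0.0 255.255.255.255 172.16.0.1 0.0.0.0
"""
PORTS = {"www": 80}            # IOS port keyword -> TCP port number
CLIENT = "192.168.1.50"        # constructed wireless client address, not from the thread

def _addr(tokens):
    """Consume 'any' or 'address wildcard' from tokens; return (base, wildcard) ints."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0xFFFFFFFF
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    del tokens[:2]
    return base, wild

def parse(text):
    """Turn the 'access-list 101 ...' lines into (action, proto, src, dst, port) rules."""
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]                      # drop 'access-list 101'
        action, proto, rest = t[0], t[1], t[2:]
        src, dst = _addr(rest), _addr(rest)       # evaluated left to right
        port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue
        if _match(src, r_src) and _match(dst, r_dst) and r_port in (None, dport):
            return action
    return "deny"
```

Under the second list, TCP 443 and every other non-HTTP flow to 10.99.0.0/16 falls through to the implicit deny, while the first list lets any IP protocol reach that subnet.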
 