Wednesday, January 15, 2014

Cisco - Access List for internet access only

How to configure an ACL on a Cisco switch so that a guest VLAN can only browse the internet:

VLAN 60 > Guest VLAN
Network Address: 192.168.60.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.60.1

DHCP configuration:
ip dhcp excluded-address 192.168.60.1 192.168.60.50
ip dhcp pool Guest
   network 192.168.60.0 255.255.255.0
   default-router 192.168.60.1
   dns-server 8.8.8.8
!

Configure the ACL (extended ACL 102 permits DNS, DHCP, HTTP and HTTPS from the guest subnet; everything else is dropped by the implicit deny at the end of the list):
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq domain
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootpc
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootps
access-list 102 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq www
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq 443

Apply the ACL inbound on the VLAN interface:
interface Vlan60
 ip address 192.168.60.1 255.255.255.0
 ip access-group 102 in
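To see exactly which guest traffic this ACL lets through, the following added example (not part of the original post and not Cisco code) is a small Python evaluator that parses the six `access-list 102` lines above and applies IOS first-match semantics, wildcard masks and the implicit trailing deny to a handful of constructed sample flows. The flow list, the source host 192.168.60.55 and the internal server address 192.168.10.20 are assumptions made for the demonstration. The last sample flow makes a practical point: the destination keyword `any` also matches internal subnets, so if other VLANs exist, guests can still reach them on ports 53, 80 and 443 unless deny entries for those ranges are placed ahead of the permit lines.

```python
import ipaddress

# The six ACL entries from the post, copied verbatim into a string.
ACL_TEXT = """
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq domain
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootpc
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootps
access-list 102 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq www
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq 443
"""

# IOS well-known port names used in the ACL, mapped to numbers.
PORT_NAMES = {"domain": 53, "bootpc": 68, "bootps": 67, "www": 80}


def port_value(token):
    return PORT_NAMES[token] if token in PORT_NAMES else int(token)


def parse_addr(tokens, i):
    """Consume one IOS address spec (any | host A | A WILDCARD) at tokens[i].
    Returns ((network_int, wildcard_int), next_index)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return (int(ipaddress.IPv4Address(tokens[i + 1])), 0), i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    return (net, wildcard), i + 2


def parse_port(tokens, i):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if i < len(tokens) and tokens[i] == "eq":
        return port_value(tokens[i + 1]), i + 2
    return None, i


def parse_acl(text):
    """Turn 'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' lines into tuples."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        action, proto = t[2], t[3]
        src, i = parse_addr(t, 4)
        sport, i = parse_port(t, i)
        dst, i = parse_addr(t, i)
        dport, i = parse_port(t, i)
        entries.append((action, proto, src, sport, dst, dport))
    return entries


def addr_matches(spec, ip):
    """Wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (net & care)


def evaluate(entries, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, sp, d, dp in entries:
        if p != proto and p != "ip":
            continue
        if not addr_matches(s, src) or not addr_matches(d, dst):
            continue
        if sp is not None and sp != sport:
            continue
        if dp is not None and dp != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every IOS access list


ACL = parse_acl(ACL_TEXT)

# Constructed sample flows (proto, src, sport, dst, dport) from a guest host.
SAMPLE_FLOWS = [
    ("tcp", "192.168.60.55", 51000, "93.184.216.34", 443),  # HTTPS to the internet
    ("udp", "192.168.60.55", 51001, "8.8.8.8", 53),          # DNS to the pool's resolver
    ("udp", "0.0.0.0", 68, "255.255.255.255", 67),           # DHCP discover before an address is leased
    ("tcp", "192.168.60.55", 51002, "93.184.216.34", 22),    # SSH: not permitted
    ("icmp", "192.168.60.55", 0, "8.8.8.8", 0),              # ping: not permitted
    ("tcp", "192.168.60.55", 51003, "192.168.10.20", 80),    # HTTP to a hypothetical internal server
]


def check_flows(entries, flows):
    return [evaluate(entries, *f) for f in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, check_flows(ACL, SAMPLE_FLOWS)):
        print(f"{verdict:6} {flow[0]} {flow[1]}:{flow[2]} -> {flow[3]}:{flow[4]}")
```

Running the block prints a verdict per sample flow. The `icmp` and SSH flows fall through to the implicit deny, which is why guests on this VLAN cannot ping; the final flow is permitted because `any` covers 192.168.10.0/24 as much as it covers the internet.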
