How to configure an ACL on a Cisco switch for internet browsing only:
VLAN 60 > Guest VLAN
Network Address: 192.168.60.0
Subnet Mask: 255.255.255.0
Gateway: 192.168.60.1
DHCP configuration:
ip dhcp excluded-address 192.168.60.1 192.168.60.50
ip dhcp pool Guest
 network 192.168.60.0 255.255.255.0
 default-router 192.168.60.1
 dns-server 8.8.8.8
!
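Configure the ACL (traffic that matches none of these lines is dropped by the implicit deny at the end of the list):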
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq domain
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootpc
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootps
access-list 102 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq www
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq 443
Apply the ACL inbound on the VLAN interface:
interface Vlan60
 ip address 192.168.60.1 255.255.255.0
 ip access-group 102 in
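To check what ACL 102 lets through before applying it, the sketch below (an added example, not part of the original post) parses the six lines above and evaluates flows against them with first-match and implicit-deny semantics. It handles only the syntax used in this ACL; the client address 192.168.60.77 and the destinations 203.0.113.10 and 192.168.10.5 are constructed test values.

```python
import ipaddress
import re

# ACL 102 exactly as configured on this page.
ACL_102 = """\
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq domain
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootpc
access-list 102 permit udp 192.168.60.0 0.0.0.255 any eq bootps
access-list 102 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq www
access-list 102 permit tcp 192.168.60.0 0.0.0.255 any eq 443
"""
PORTS = {"domain": 53, "bootps": 67, "bootpc": 68, "www": 80}  # keywords used above
ADDR, PORT = r"(any|host \S+|\S+ \S+)", r"(?: eq (\S+))?"
LINE = re.compile(rf"access-list \d+ (permit|deny) (\S+) {ADDR}{PORT} {ADDR}{PORT}$")

def _spec(s):
    """'any' | 'host A' | 'A WILDCARD' -> (base, wildcard); wildcard 1-bits are ignored."""
    if s == "any":
        return 0, 0xFFFFFFFF
    a, _, w = s.replace("host ", "").partition(" ")
    return int(ipaddress.IPv4Address(a)), int(ipaddress.IPv4Address(w or "0.0.0.0"))

def _port(p):
    return None if p is None else PORTS.get(p) or int(p)  # None = any port

def parse(text):
    """Return rules as (action, proto, src, sport, dst, dport) tuples."""
    rows = (LINE.match(line.strip()).groups() for line in text.splitlines())
    return [(a, p, _spec(s), _port(sp), _spec(d), _port(dp))
            for a, p, s, sp, d, dp in rows]

def _ip_ok(ip, spec):
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def evaluate(rules, proto, sip, sport, dip, dport):
    """First matching line wins; no match falls through to the implicit deny."""
    for n, (action, p, src, sp, dst, dp) in enumerate(rules, 1):
        if (p == proto and _ip_ok(sip, src) and _ip_ok(dip, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return f"{action} (line {n})"
    return "deny (implicit)"

if __name__ == "__main__":
    # Constructed flows: public HTTPS, HTTPS to another internal subnet, DNS over TCP.
    for flow in (("tcp", "192.168.60.77", 50000, "203.0.113.10", 443),
                 ("tcp", "192.168.60.77", 50001, "192.168.10.5", 443),
                 ("tcp", "192.168.60.77", 50002, "8.8.8.8", 53)):
        print(flow, "->", evaluate(parse(ACL_102), *flow))
```

The second flow is permitted by line 6: the `any` destination on the www and 443 entries also covers other internal subnets this switch can route to, so a guest-only design needs deny entries for those ranges ahead of the permits. DNS over TCP falls to the implicit deny because only UDP port 53 is permitted.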