Extended ACLs - Question

santanac Member Posts: 5
I'm currently using Todd Lammle's book to study for CCENT. In chapter 12 he's explaining how to create an extended access list for the topology.

The configuration is done with these three statements to allow Host B only HTTP access to the Finance Server:

Lab_A(config)#access-list 110 permit tcp host 192.168.177.2 host 172.22.89.26 eq 80
Lab_A(config)#access-list 110 deny tcp any host 172.22.89.26 eq 80
Lab_A(config)#access-list 110 permit ip any any
Lab_A(config)#interface fastethernet 0/1
Lab_A(config-if)#ip access-group 110 out

Wouldn't the first statement by itself have done the job? Since there's an implicit deny, there's no need for the second and third statements, which are being created to prevent the branch office on the Lab A serial link from having access to the finance server. Please correct me if I'm wrong. Thanks for the help.

Comments

  • tomtom1 Member Posts: 375
    Yes, you are correct, but the ACL would be correct if the objective stated something like "but allow all other traffic". Since there are other clients and other servers, I presume that would be the reason to end with the permit ip any any.
  • santanac Member Posts: 5
    Thank you sir, and you are correct. I went over the objective and he stated that all other traffic will be permitted. For some reason the Host B only part got stuck in my head.
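
The difference discussed in this thread, as an added example that is not part of the original posts or the book: a small first-match evaluator run over access-list 110 as posted and over its first line alone. It models only `host`/`any` matches and `eq` on the destination port; the addresses 192.168.177.3 and 172.22.89.27 and the packet list are constructed for illustration.

```python
import ipaddress

# Each entry: (action, protocol, source, destination, destination port or None).
# "any" matches every address; protocol "ip" matches every protocol.
ACL_110 = [
    ("permit", "tcp", "192.168.177.2", "172.22.89.26", 80),
    ("deny",   "tcp", "any",           "172.22.89.26", 80),
    ("permit", "ip",  "any",           "any",          None),
]
FIRST_LINE_ONLY = ACL_110[:1]  # the single-statement variant asked about

def _addr_match(rule_addr, pkt_addr):
    if rule_addr == "any":
        return True
    return ipaddress.ip_address(rule_addr) == ipaddress.ip_address(pkt_addr)

def evaluate(acl, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' using top-down, first-match semantics."""
    for action, r_proto, r_src, r_dst, r_port in acl:
        if r_proto not in ("ip", proto):
            continue
        if not (_addr_match(r_src, src) and _addr_match(r_dst, dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action          # first matching entry decides
    return "deny"              # implicit deny when nothing matched

# Constructed sample packets: (protocol, source, destination, destination port)
PACKETS = {
    "Host B -> Finance HTTP":          ("tcp",  "192.168.177.2", "172.22.89.26", 80),
    "other host -> Finance HTTP":      ("tcp",  "192.168.177.3", "172.22.89.26", 80),
    "other host -> Finance SSH":       ("tcp",  "192.168.177.3", "172.22.89.26", 22),
    "other host -> other server HTTP": ("tcp",  "192.168.177.3", "172.22.89.27", 80),
    "Host B -> Finance ICMP":          ("icmp", "192.168.177.2", "172.22.89.26", None),
}

def compare():
    """Map packet name -> (verdict with full ACL 110, verdict with first line only)."""
    return {name: (evaluate(ACL_110, *pkt), evaluate(FIRST_LINE_ONLY, *pkt))
            for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, (full, single) in compare().items():
        print(f"{name:34} full={full:6} first-line-only={single}")
```

Both variants give the same verdict for HTTP to the Finance server; they differ on everything else, which the single line drops through the implicit deny. The closing `permit ip any any` also lets non-HTTP traffic from any host reach the Finance server.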