He writes a great blog and is moving on to his CCNP. Send him a congrats if you get a chance!

CCNA pass post

This is a basic example of a Dynamic ACL that allows web access to a remote server. What we are doing here is allowing a host (on R1’s VLAN network) to access a web server (on R2’s VLAN network) on a remote box. Again, this is as basic as it is going to get.

First, configure the access list on R2 for the Dynamic ACL:

  • access-list 101 permit tcp any any eq 23 (We need to allow telnet through so we can authenticate. We could get away without this line here, since we have permit ip any any at the bottom of the ACL. Whether you need this line depends on how you have to build out the ACL.)
  • access-list 101 dynamic HTTP permit tcp any any eq 80 (We could specify a particular host or subnet that is allowed access here, but for this example we want to allow anyone who can authenticate.)
  • access-list 101 deny tcp any any eq 80 (Here we are blocking web traffic from anyone who doesn’t authenticate.)
  • access-list 101 permit ip any any (Here we are allowing the rest of the incoming traffic in.)
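
The first-match behaviour of the four lines above, as an added example (not code from the original post): a small Python model of ACL 101 that shows when port 80 is denied or permitted and why the telnet line is only redundant while `permit ip any any` is present. The source addresses are constructed documentation addresses, and tracking dynamic-entry activation per source host is an assumption of this model.

```python
# Constructed model of ACL 101: (action, protocol, destination port, dynamic?)
ACL_101 = [
    ("permit", "tcp", 23, False),    # line 1: telnet, used to authenticate
    ("permit", "tcp", 80, True),     # line 2: dynamic HTTP template
    ("deny",   "tcp", 80, False),    # line 3: web traffic, unauthenticated
    ("permit", "ip",  None, False),  # line 4: everything else
]

def evaluate(acl, src, proto, dport, authenticated=frozenset()):
    """Return (action, line_number) of the first entry that matches.

    A dynamic entry matches only sources listed in `authenticated`
    (assumption: activation is tracked per source host). If nothing
    matches, the implicit deny at the end of every ACL applies.
    """
    for number, (action, e_proto, e_port, dynamic) in enumerate(acl, start=1):
        if e_proto not in ("ip", proto):
            continue  # protocol does not match ("ip" matches any protocol)
        if e_port is not None and e_port != dport:
            continue  # destination port does not match
        if dynamic and src not in authenticated:
            continue  # template not activated for this source
        return action, number
    return "deny", None  # implicit deny

def without_lines(acl, *numbers):
    """Copy of the ACL with the given 1-based line numbers removed."""
    return [e for n, e in enumerate(acl, start=1) if n not in numbers]

if __name__ == "__main__":
    host, other = "192.0.2.10", "192.0.2.20"  # constructed addresses
    print("web, not authenticated:", evaluate(ACL_101, host, "tcp", 80))
    print("web, authenticated:    ", evaluate(ACL_101, host, "tcp", 80, {host}))
    print("web, different host:   ", evaluate(ACL_101, other, "tcp", 80, {host}))
    # Telnet line removed: the final permit still lets telnet in.
    print("telnet, no line 1:     ",
          evaluate(without_lines(ACL_101, 1), host, "tcp", 23))
    # Telnet line and final permit both removed: authentication is blocked.
    print("telnet, no lines 1, 4: ",
          evaluate(without_lines(ACL_101, 1, 4), host, "tcp", 23))
```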
