
Cisco IOS, trouble with access rules

Last Modified: 2013-11-16
I'm having problems getting ACL to work properly. I'm trying to block a website with no success. I've got it set to block incoming traffic from this IP coming in to VLAN 1. Any help is greatly appreciated, thanks!

Running config follows:

Building configuration...

Current configuration : 4571 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LABrtr
logging message-counter syslog
no logging buffered
no aaa new-model
clock timezone Muscat 4
crypto pki trustpoint TP-self-signed-2778094852
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2778094852
 revocation-check none
 rsakeypair TP-self-signed-2778094852
crypto pki certificate chain TP-self-signed-2778094852
 certificate self-signed 01
ip source-route
ip dhcp excluded-address
ip dhcp pool local
   import all
   domain-name kaf
ip cef
ip domain name lab.com
ip name-server
ip name-server
ip name-server
username jah privilege 15 secret 5 $1$tkc9$8FElZ0XIodnFf9gCLBZID0
 log config
no ip rcmd domain-lookup
ip rcmd remote-host sdmR57dc0aa1 L57eda768 enable
ip rcmd remote-host sdmRf3a36a86 Lf3a36a86 enable
ip rcmd remote-host sdmR94f350d9 L94f350d9 enable
ip rcmd remote-username sdmRf3a36a86
class-map match-any p2p
bridge irb
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
 description $ETH-WAN$
 ip dhcp client hostname kaf
 ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 service-module fail-open
 dot1x host-mode single-host
 arp timeout 0
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 service-module fail-open
interface Vlan1
 ip address
 ip access-group YOUTUBE in
 ip nat inside
 ip virtual-reassembly
interface Vlan2
 ip address
interface BVI1
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
ip default-gateway
ip forward-protocol nd
ip route
ip http server
ip http authentication local
ip http secure-server
ip flow-top-talkers
 top 10
 sort-by bytes
 cache-timeout 100
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended YOUTUBE
 remark CCP_ACL Category=1
 remark YOUTUBE1
 deny   ip host
 remark YOUTUBE2
 deny   ip host
 remark YOUTUBE3
 deny   ip host
 permit ip any any
access-list 1 remark CCP_ACL Category=2
access-list 1 permit
bridge 1 protocol ieee
bridge 1 route ip
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 exec prompt timestamp
 no exec
 transport preferred none
 transport input all
line vty 0 4
 login local
 transport input all
 transport output all
scheduler max-task-time 5000