troubleshooting Question

ACL not working

Asked by Juan Pineiro
Topics: Routers, Cisco
So I created an ACL and I put it on int g0/0 out.

Not sure if the config is correct.

R0NWGS#sh run
Building configuration...

Current configuration : 3610 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname R0NWGS
!
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
ip dhcp excluded-address 192.168.2.1 192.168.2.15
ip dhcp excluded-address 192.168.3.1 192.168.3.15
ip dhcp excluded-address 192.168.4.1 192.168.4.15
ip dhcp excluded-address 192.168.6.1 192.168.6.15
ip dhcp excluded-address 192.168.7.1 192.168.7.15
ip dhcp excluded-address 192.168.5.1 192.168.5.15
!
ip dhcp pool hr
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 192.168.2.5
ip dhcp pool acc
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.2.5
ip dhcp pool market
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1
 dns-server 192.168.2.5
ip dhcp pool SHIP
 network 192.168.6.0 255.255.255.0
 default-router 192.168.6.1
 dns-server 192.168.2.5
ip dhcp pool network
 network 192.168.7.0 255.255.255.0
 default-router 192.168.7.1
 dns-server 192.168.2.5
ip dhcp pool sales
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
 dns-server 192.168.2.5
!
ip cef
no ipv6 cef
!
username admin privilege 15 secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
!
license udi pid CISCO2911/K9 sn FTX1524Y3UL
!
ip domain-name nwgs.local
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 50.73.7.209 255.255.255.252
 ip access-group vlans out
 ip nat outside
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.6
 encapsulation dot1Q 6
 ip address 192.168.6.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1.7
 encapsulation dot1Q 7
 ip address 192.168.7.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router eigrp 100
 network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 network 192.168.6.0
 network 192.168.7.0
 network 50.0.0.0
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip classless
!
ip flow-export version 9
!
ip access-list extended NAT
 permit ip 192.168.2.0 0.0.0.255 any
 permit ip 192.168.3.0 0.0.0.255 any
 permit ip 192.168.4.0 0.0.0.255 any
 permit ip 192.168.5.0 0.0.0.255 any
 permit ip 192.168.6.0 0.0.0.255 any
 permit ip 192.168.7.0 0.0.0.255 any
 permit ip any any
ip access-list extended vlans
 permit ip host 192.168.2.16 host 192.168.8.6
 permit ip host 192.168.3.16 host 192.168.8.6
 permit ip host 192.168.4.16 host 192.168.8.6
 permit ip host 192.168.5.16 host 192.168.8.6
 permit ip host 192.168.6.16 host 192.168.8.6
 permit ip host 192.168.7.16 host 192.168.8.6
 deny ip 192.168.2.0 0.0.0.255 any
 deny ip 192.168.3.0 0.0.0.255 any
 deny ip 192.168.4.0 0.0.0.255 any
 deny ip 192.168.5.0 0.0.0.255 any
 deny ip 192.168.6.0 0.0.0.255 any
 deny ip 192.168.7.0 0.0.0.255 any
 permit ip any any
!
no cdp run
!
line con 0
 password 7 082949420516
 login
!
line aux 0
 password 7 082949420516
 login
!
line vty 0 4
 password 7 082949420516
 login local
!
end



Thank you

Respectfully
J.Pineiro
ASKER CERTIFIED SOLUTION
Cyclops3590
