ACL Not working on Sub Interface

Unanswered Question
Apr 21st, 2008

Configuring a Guest Subnet on a Remote Office Router:

I have an interface on the router, Gig 0/0, with 3 sub-interfaces...

0/0.17 --> for Guests

0/0.31 --> for Prod Hosts

0/0.32 --> for Voice Hosts

I applied these lists to 0/0.17:

interface GigabitEthernet0/0.17
 encapsulation dot1Q 17
 ip address 172.17.10.1 255.255.255.0
 ip access-group GuestIN in
 ip access-group GuestOUT out

ip access-list extended GuestIN
 remark Permit DHCP
 permit udp any any eq bootps
 permit udp any any eq bootpc
 permit icmp any any

ip access-list extended GuestOUT
 remark Permit DHCP & DMZ HTTP & HTTPS
 permit udp any any eq bootps
 permit udp any any eq bootpc
 permit tcp any 10.200.12.0 0.0.0.255 eq www reflect OUTportfilter
 permit tcp any 10.200.12.0 0.0.0.255 eq 443 reflect OUTportfilter
 permit tcp any 10.200.10.0 0.0.0.255 eq www reflect OUTportfilter
 permit tcp any 10.200.10.0 0.0.0.255 eq 443 reflect OUTportfilter
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any reflect OUTportfilter

After applying these 2 lists, I can still telnet to hosts in the 10.221.40.0 network and/or ping hosts in the 10.221.40.0 network. Am I missing something?

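A worked illustration added here (not from the thread): a small Python model of how IOS evaluates an extended ACL (first match wins, implicit deny at the end, wildcard masks), loaded with the two lists from the post. It relies on the IOS rule that an access-group applied "in" on a sub-interface checks packets arriving from that VLAN, while "out" checks packets the router forwards toward it; the reflect keywords are left out, and the hosts 172.17.10.50 and 10.221.40.10 are constructed.

```python
import ipaddress

# Entry layout: (action, protocol, source, destination, destination port or None);
# source/destination are "any" or "network wildcard" exactly as written in IOS.
# The poster's lists, minus the 'reflect' keywords (reflexive state not modelled).
GUEST_IN = [
    ("permit", "udp", "any", "any", 67),    # eq bootps
    ("permit", "udp", "any", "any", 68),    # eq bootpc
    ("permit", "icmp", "any", "any", None),
]
GUEST_OUT = [
    ("permit", "udp", "any", "any", 67),
    ("permit", "udp", "any", "any", 68),
    ("permit", "tcp", "any", "10.200.12.0 0.0.0.255", 80),
    ("permit", "tcp", "any", "10.200.12.0 0.0.0.255", 443),
    ("permit", "tcp", "any", "10.200.10.0 0.0.0.255", 80),
    ("permit", "tcp", "any", "10.200.10.0 0.0.0.255", 443),
    ("deny", "ip", "any", "10.0.0.0 0.255.255.255", None),
    ("permit", "ip", "any", "any", None),
]

def _addr_matches(spec, ip):
    """IOS wildcard match: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    net, wild = spec.split()
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild))
    return (int(ipaddress.IPv4Address(ip)) & care) == (int(ipaddress.IPv4Address(net)) & care)

def evaluate(acl, proto, src, dst, dport=None):
    """First matching entry decides; a packet matching nothing hits the implicit deny."""
    for action, p, s, d, port in acl:
        if p != "ip" and p != proto:
            continue
        if port is not None and port != dport:
            continue
        if _addr_matches(s, src) and _addr_matches(d, dst):
            return action
    return "deny"   # implicit deny at the end of every IOS access list

def guest_subif(direction, proto, src, dst, dport=None):
    """'in': packet received from VLAN 17 (guests) -> GuestIN;
    'out': packet the router forwards toward VLAN 17 -> GuestOUT.
    Packets the router itself originates are not checked by an outbound ACL."""
    return evaluate(GUEST_IN if direction == "in" else GUEST_OUT, proto, src, dst, dport)

if __name__ == "__main__":
    # Constructed hosts: guest 172.17.10.50, production host 10.221.40.10.
    print("guest telnet to 10.221.40.10:", guest_subif("in", "tcp", "172.17.10.50", "10.221.40.10", 23))
    print("TCP reply back to the guest:", guest_subif("out", "tcp", "10.221.40.10", "172.17.10.50", 50123))
```

Running it shows which of the two lists a given packet is actually checked against, which is the first thing to confirm before looking at the entries themselves.
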
pccthailand Tue, 04/22/2008 - 20:20

Hi Jacob-Harris,

As you said you can telnet and ping: do you telnet and ping from the router itself, or from a host in another subnet?
