Please assist me for access-list configuration

Jul 2nd, 2014

Dear Team,

Please help me to configure the access-list.

Requirement:

I have three different subnets (10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1 and PC3 are within the 10.1.1.0 subnet, and PC2 and PC4 are within the 30.1.1.0 subnet.

I want the 10.1.1.0 subnet not to be able to access the 30.1.1.0 subnet, but the 30.1.1.0 subnet should be able to access the 10.1.1.0 subnet. Please find the configuration below.

At R2:

ip access-list extended 101
 deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
 permit ip any any
int f0/0
 ip access-group 101 in

But this configuration is not working; it is also blocking the 30.1.1.0 subnet from accessing 10.1.1.0. Please help me!!!!!

Regards,

Sanjib

 

alessandro.s Wed, 07/02/2014 - 12:36

Hi,

Post the router model and IOS version. You need to configure traffic inspection to achieve this.

Sanjib Pradhan Thu, 07/10/2014 - 10:17

Dear Paul,

 

Thanks...

But it's not working. Please assist.

 

Regards,

Sanjib

paul driver Wed, 07/02/2014 - 14:28

Hello

I assume the routers are performing the routing for these subnets and not the switches. Anyway, your ACL doesn't look correct; try this:
 

R2

ip access-list extended 101
 deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 permit ip any any
int f0/0
 ip access-group 101 in

 

or
 

ip access-list extended 101
 deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
 permit ip any any
int f0/0
 ip access-group 101 out

 

Reverse the ACL for R3 if applicable.

 

res

Paul
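
Why ACL 101 from the question also stops 30.1.1.0 from reaching 10.1.1.0, and what the traffic inspection mentioned in the first reply changes, shown as an added Python model (not code from any poster, and not IOS configuration). The host addresses, the function and class names, and the simplified IP-pair flow table are assumptions made for the illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "ignore this bit" (inverse of a netmask).
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 101 from the question, as (action, src, src_wildcard, dst, dst_wildcard).
ACL_101 = [
    ("deny", "10.1.1.0", "0.0.0.255", "30.1.1.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

def stateless(acl, src, dst):
    # First matching entry wins; an IOS ACL ends with an implicit deny.
    for action, s, sw, d, dw in acl:
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return "deny"

class Inspecting:
    # Hypothetical, simplified model of stateful inspection: flows opened from
    # the permitted side are remembered and their replies bypass the ACL.
    # Real inspection also tracks protocol, ports and timeouts.
    def __init__(self, acl):
        self.acl, self.flows = acl, set()

    def initiated(self, src, dst):
        self.flows.add((src, dst))

    def filter(self, src, dst):
        if (dst, src) in self.flows:
            return "permit"
        return stateless(self.acl, src, dst)

def demo():
    pc1, pc3, pc2 = "10.1.1.10", "10.1.1.11", "30.1.1.10"  # constructed hosts
    fw = Inspecting(ACL_101)
    fw.initiated(pc2, pc1)  # PC2 opens a session to PC1
    return {
        # Stateless: PC1's reply to PC2 looks exactly like a new 10 -> 30 packet.
        "stateless_reply": stateless(ACL_101, pc1, pc2),
        "inspected_reply": fw.filter(pc1, pc2),   # reply to PC2's session
        "inspected_new": fw.filter(pc3, pc2),     # unsolicited 10 -> 30
        "unrelated": stateless(ACL_101, "20.1.1.5", pc2),
    }

if __name__ == "__main__":
    print(demo())
```

An ACL that matches only on source and destination address cannot tell a reply from a new connection, which is why the deny entry drops return traffic as well.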
