Please assist me for access-list configuration

Sanjib Pradhan · ‎07-02-2014

Dear Team,

Please help me to configure the access-list.

Requirement:

I have three different subnets(10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1, PC3 are within 10.1.1.0 subnets and PC2 and PC4 are within 30.1.1.0 subnets.

I want 10.1.1.0 subnet should not access 30.1.1.0 subnets but 30.1.1.0 subnets should access 10.1.1.0 subnets. Please find below configuration.

At R2:

ip access-list exstandard 101

deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 in

But this configuration is not working, it's blocking the 30.1.1.0 subnet to access 10.1.1.0 also. Please help me!!!!!

Regards,

Sanjib

alessandro.s · ‎07-02-2014

Hi,

post router model and IOS version, you need to configure traffic inspection to achieve this

Sanjib Pradhan · ‎07-10-2014

Dear Paul,

Thanks...

But it's not working. Plz assist.

Regards,

Sanjib

paul driver · ‎07-02-2014

Hello

I assume the rtrs are performing the routing for these subnets and no the switches, anyway your acl doesn't look correct, try this:

R2

ip access-list extended 101

deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 in

or

ip access-list extended 101

deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 out

reverse the acl for R3 if applicable

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul