07-02-2014 10:25 AM - edited 03-07-2019 07:54 PM
Dear Team,
Please help me to configure the access-list.
Requirement:
I have three different subnets(10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1, PC3 are within 10.1.1.0 subnets and PC2 and PC4 are within 30.1.1.0 subnets.
I want 10.1.1.0 subnet should not access 30.1.1.0 subnets but 30.1.1.0 subnets should access 10.1.1.0 subnets. Please find below configuration.
At R2:
ip access-list exstandard 101
deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
permit ip any any
int f0/0
ip access-group 101 in
But this configuration is not working, it's blocking the 30.1.1.0 subnet to access 10.1.1.0 also. Please help me!!!!!
Regards,
Sanjib
07-02-2014 12:36 PM
Hi,
post router model and IOS version, you need to configure traffic inspection to achieve this
07-10-2014 10:17 AM
Dear Paul,
Thanks...
But it's not working. Plz assist.
Regards,
Sanjib
07-02-2014 02:28 PM
Hello
I assume the rtrs are performing the routing for these subnets and no the switches, anyway your acl doesn't look correct, try this:
R2
ip access-list extended 101
deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
permit ip any any
int f0/0
ip access-group 101 in
or
ip access-list extended 101
deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
permit ip any any
int f0/0
ip access-group 101 out
reverse the acl for R3 if applicable
res
Paul
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: