×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Cisco 2901 configuring ACL between interfaces.

Document

Thu, 06/19/2014 - 15:47
Jun 19th, 2014
User Badges:

Hi,

We have a CISCO 2901 router as a gateway with the internal network 192.168.30.0 0.0.0.255 configured on Interface Gigbit 0/0 and a VLAN for wifi guests 192.168.31.0 0.0.0.255 on Interface Gigabit 0/0.1 

I have tried to configure ACL on interface 0/0 to block packets from VLAN on 0/0.1 entering the internal network. 

access-list 130 deny   ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.31.0 0.0.0.255 any

But with this config I can still ping from 31 to 30 

If I remove the second line I can't ping from 31-30 but clients inside lose access to the internet. 

 

Can someone suggest a configuration that will achieve the security without losing access to the outside world please. 

Thanks P

 

 

Loading.

Actions

This Document