How to create ACL to block traffic from one network to another

abbas64
Level 1

I am trying to create an ACL to deny traffic from one network to another network, but my lab assistant told me it is wrong. I am not sure what I am doing wrong.

I have a router with a computer connected to the g0/0 interface with network ID 192.168.1.0/24. I need to block traffic from this network from reaching the host 172.16.1.2/24. This is what I have done:

ip access-list extended Block_traffic
 deny tcp 192.168.1.0 0.0.0.255 host 172.16.1.2
 permit tcp any any

Can anyone please tell me what I am doing wrong?

Accepted Solutions

Jon Marshall
Hall of Fame

Firstly, that ACL only blocks TCP to that specific host. If you want to block ICMP and UDP as well, change "tcp" to "ip".

Secondly, the ACL should be applied to the gi0/0 interface in an inbound direction.

Jon
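
As an added example (not code from the thread or from Cisco), here is a small Python model of first-match extended-ACL evaluation with the implicit deny, run over the ACL as posted and over the same ACL with "tcp" changed to "ip". Changing both entries is an assumption, as are the sample hosts 192.168.1.10 and 172.16.1.3; the model ignores ports and treats the list as applied inbound on gi0/0, as the answer says.

```python
import ipaddress

def _addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (base, wild), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny PROTO SRC DST' entries (ports and options not handled)."""
    entries = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        src, rest = _addr(rest)
        dst, _ = _addr(rest)
        entries.append((action, proto, src, dst))
    return entries

def _match(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, acl_proto, s, d in acl:
        if acl_proto in ("ip", proto) and _match(s, src) and _match(d, dst):
            return action
    return "deny"

# ACL entries as posted in the question.
POSTED = parse_acl("""
deny tcp 192.168.1.0 0.0.0.255 host 172.16.1.2
permit tcp any any
""")
# Assumption: "tcp" changed to "ip" in both entries.
CHANGED = parse_acl("""
deny ip 192.168.1.0 0.0.0.255 host 172.16.1.2
permit ip any any
""")

if __name__ == "__main__":
    # Constructed packets; 192.168.1.10 and 172.16.1.3 are made-up hosts.
    for proto, dst in [("tcp", "172.16.1.2"), ("icmp", "172.16.1.2"),
                       ("tcp", "172.16.1.3"), ("udp", "172.16.1.3")]:
        print(proto, dst, evaluate(POSTED, proto, "192.168.1.10", dst),
              evaluate(CHANGED, proto, "192.168.1.10", dst))
```

In this model the posted list sends UDP and ICMP to any destination through to the implicit deny, while the list with "ip" in both entries drops only traffic from 192.168.1.0/24 to 172.16.1.2.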
