Cisco Support Community

How to create ACL to block traffic from one network to another

I am trying to create an ACL to deny traffic from one network to another network, but my lab assistant told me it is wrong. I am not sure what I am doing wrong.

I have a router with a computer connected to the g0/0 interface with network ID 192.168.1.0/24. I need to block traffic from this network from reaching the 172.16.1.2/24 host. This is what I have done:

ip access-list extended Block_traffic
 deny tcp 192.168.1.0 0.0.0.255 host 172.16.1.2
 permit tcp any any

Can anyone please tell me what I am doing wrong?

Accepted Solutions

Firstly, that ACL only blocks TCP to that specific host. If you want to block ICMP and UDP as well, change "tcp" to "ip".

Secondly, the ACL should be applied to the gi0/0 interface in an inbound direction.

Jon

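The two corrections in Jon's answer written out as a complete IOS configuration, with the original ACL shown beside the fixed one and the commands used to verify it. This is an added example, not from the original post; it assumes the interface is GigabitEthernet0/0 as in the question and that the ACL is not yet bound to any interface (the "no ip access-list" line deletes it before it is rebuilt, which would otherwise leave an interface referencing a non-existent ACL and permitting everything):

```ios
configure terminal
!
! --- Original ACL as posted: only TCP is matched, and the ACL is applied nowhere ---
! ip access-list extended Block_traffic
!  deny   tcp 192.168.1.0 0.0.0.255 host 172.16.1.2
!  permit tcp any any
!
! --- Corrected ACL ---
! "ip" matches every IP protocol (TCP, UDP, ICMP, ...), not just TCP.
! Entries are evaluated top-down and the first match wins, so the deny must
! precede the permit. An extended ACL ends with an implicit "deny ip any any",
! so the final "permit ip any any" is what keeps all other traffic flowing.
! "log" on the deny entry records blocked attempts to syslog (optional).
no ip access-list extended Block_traffic
ip access-list extended Block_traffic
 deny   ip 192.168.1.0 0.0.0.255 host 172.16.1.2 log
 permit ip any any
!
! Apply the ACL inbound on the interface the 192.168.1.0/24 hosts sit behind,
! so their packets are dropped as they enter the router, before routing.
interface GigabitEthernet0/0
 ip access-group Block_traffic in
end
!
! --- Verification (privileged EXEC) ---
! From a 192.168.1.0/24 host, ping and a TCP connection to 172.16.1.2 should
! both fail, and the match counter on the deny entry should increment.
show ip access-lists Block_traffic
show ip interface GigabitEthernet0/0 | include access list
```

Two caveats worth keeping in mind: the ACL is stateless and one-directional, so it stops 192.168.1.0/24 from initiating anything to 172.16.1.2 but does nothing to traffic 172.16.1.2 initiates toward 192.168.1.0/24; if that direction must be blocked too, a matching entry is needed on the interface facing 172.16.1.2 (or outbound on g0/0). And "permit ip any any" is only appropriate in a lab; in production the final permit should be narrowed to the traffic that is actually expected.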
