Cisco Support Community

Applying access-list alternative !

Hi all. Kindly consider the following access-list that I want to apply on my branch router:

access-list 111 permit ip host 10.1.56.1 host 10.1.4.56

access-list 111 permit ip host 10.1.56.2 host 10.1.3.6

access-list 111 permit ip host 10.1.56.9 host 10.1.47.69

Now this should be the overall flow in the branch. Meaning, 10.1.56.1 should be able to talk only to 10.1.4.56 and vice versa, same for all 2 statements. No other communication should be allowed. I was thinking of applying it in the outbound direction and then creating another access-list which would be an exact mirror of it and applying that inbound. But I was looking for a much better way of applying it, such that I would be able to apply it only once and bi-directional traffic would be allowed just between these IPs.

How is it possible?

1 REPLY

Re: Applying access-list alternative !

You would apply it inbound on the L3 interface that does the routing for the 10.1.56.X subnet. This would take care of the flows. The way you have it now, you would only have traffic from those 3 IPs, as there is an implied deny all at the end of the ACL.
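
An added example, not part of the original thread: a small Python model of ACL 111 applied inbound on the interface that routes 10.1.56.x, with no ACL in any other direction. The function names and the assumption that the branch LAN is 10.1.56.0/24 are hypothetical. It shows the three pairs working in both directions, and that packets from outside toward other branch hosts are still forwarded; only the replies are dropped.

```python
# Added example: first-match ACL evaluation with the implicit deny,
# applied only to packets entering the router from the branch LAN.
ACL_111 = [  # (action, source host, destination host), taken from the question
    ("permit", "10.1.56.1", "10.1.4.56"),
    ("permit", "10.1.56.2", "10.1.3.6"),
    ("permit", "10.1.56.9", "10.1.47.69"),
]

def acl_permits(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, acl_src, acl_dst in acl:
        if (src, dst) == (acl_src, acl_dst):
            return action == "permit"
    return False  # implicit "deny ip any any" at the end of every ACL

def is_branch(ip):
    # Assumption: the branch LAN is 10.1.56.0/24 behind a single L3 interface.
    return ip.startswith("10.1.56.")

def forwarded(src, dst, acl_in=ACL_111):
    """Would the branch router forward a packet src -> dst?

    Only packets arriving from the branch LAN are checked by the inbound ACL.
    Packets heading toward the LAN leave that interface outbound, where no
    ACL is applied in this model, so they are forwarded.
    """
    if is_branch(src):
        return acl_permits(acl_in, src, dst)
    return True

def two_way(a, b):
    """True when both directions of a conversation get through the router."""
    return forwarded(a, b) and forwarded(b, a)

if __name__ == "__main__":
    # Constructed test pairs: a listed pair, a mismatched pair, an unlisted host.
    pairs = [("10.1.56.1", "10.1.4.56"),
             ("10.1.56.1", "10.1.3.6"),
             ("10.1.56.50", "10.1.4.56")]
    for a, b in pairs:
        print(f"{a} <-> {b}: two-way={two_way(a, b)} "
              f"from-branch={forwarded(a, b)} to-branch={forwarded(b, a)}")
```

If packets must not reach unlisted branch hosts at all, the mirrored ACL in the other direction that the question mentions is still needed.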
