Can you post a basic diagram of your setup, including gateways and where your test PC is connected (I believe this is a lab environment), and remove the config mentioned above, as it will block all traffic when you match the following criteria
I can give you a solution...well, more of an option to accomplish what you are looking for, but this will only work for TCP connections, not for ICMP or UDP. They would either be allowed or blocked.
Use the established keyword in the ACL, which will only allow response traffic from the 172.16.2.0/23 subnet going to 172.16.0.0/27; nothing initiated from this 172.16.2.0/23 subnet would be allowed.
Config will look like this:
access-list 100 permit tcp 172.16.2.0 0.0.1.255 172.16.0.0 0.0.0.31 established
! This will allow UDP and ICMP initiated from this subnet
access-list 100 deny tcp 172.16.2.0 0.0.1.255 172.16.0.0 0.0.0.31
! This will block everything including UDP & ICMP which is initiated from this subnet, so use either one of these lines in the ACL
access-list 100 deny ip 172.16.2.0 0.0.1.255 172.16.0.0 0.0.0.31
! To allow traffic going towards internet, if you want to allow that for future
access-list 100 permit ip 172.16.2.0 0.0.1.255 any
ip access-group 100 in
Apart from this, you have the option of using CBAC functionality in routers, but that is dependent on the IOS being used, and honestly I am not an expert in that, so I would suggest you dig more into this topic before thinking of implementing it.
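As an added example (not part of the original reply and not Cisco code), the Python sketch below models top-down, first-match evaluation of ACL 100 in its "deny tcp" variant against constructed packets. The function names and tuple layout are assumptions for illustration; the `established` test is modelled as the ACK-or-RST flag check.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL 100 from the post, "deny tcp" variant. Entries are checked top-down.
# Layout (assumed for this sketch):
# (action, proto, src, src_wildcard, dst, dst_wildcard, established)
ACL_100 = [
    ("permit", "tcp", "172.16.2.0", "0.0.1.255", "172.16.0.0", "0.0.0.31", True),
    ("deny",   "tcp", "172.16.2.0", "0.0.1.255", "172.16.0.0", "0.0.0.31", False),
    ("permit", "ip",  "172.16.2.0", "0.0.1.255", "0.0.0.0", "255.255.255.255", False),
]

def evaluate(acl, proto, src, dst, flags=frozenset()):
    """Return (action, index of matching entry); index None = implicit deny."""
    for i, (action, p, s, sw, d, dw, est) in enumerate(acl):
        if p != "ip" and p != proto:
            continue
        if not (wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)):
            continue
        # 'established' is stateless: it only checks that ACK or RST is set.
        # It does not track connections, which is why the post points to
        # CBAC as the stateful alternative.
        if est and not (set(flags) & {"ACK", "RST"}):
            continue
        return action, i
    return "deny", None  # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed sample packets (not captured traffic).
    samples = [
        ("tcp", "172.16.3.10", "172.16.0.5", {"SYN"}),         # new connection
        ("tcp", "172.16.3.10", "172.16.0.5", {"SYN", "ACK"}),  # reply traffic
        ("udp", "172.16.2.20", "172.16.0.5", set()),           # UDP to the /27
        ("tcp", "172.16.3.10", "192.0.2.10", {"SYN"}),         # towards internet
        ("tcp", "172.16.4.1",  "172.16.0.5", {"ACK"}),         # outside the /23
    ]
    for proto, src, dst, flags in samples:
        print(proto, src, "->", dst, sorted(flags), evaluate(ACL_100, proto, src, dst, flags))
```

Replacing the second entry with the "deny ip" line from the post makes the UDP sample match that entry and be denied as well.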