Cisco Support Community
Community Member

Please assist me for access-list configuration

Dear Team,

Please help me to configure the access-list.

Requirement:

I have three different subnets (10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1 and PC3 are within the 10.1.1.0 subnet, and PC2 and PC4 are within the 30.1.1.0 subnet.

I want the 10.1.1.0 subnet not to be able to access the 30.1.1.0 subnet, but the 30.1.1.0 subnet should be able to access the 10.1.1.0 subnet. Please find the configuration below.

At R2:

ip access-list extended 101

deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 in

 

But this configuration is not working; it's also blocking the 30.1.1.0 subnet from accessing 10.1.1.0. Please help me!

 

 

Regards,

Sanjib

 

3 REPLIES
Community Member

Hi,

Post the router model and IOS version. You need to configure traffic inspection to achieve this.
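
Added example (not part of the original thread, and not Cisco code): a small Python model of why ACL 101 from the question also breaks sessions started from 30.1.1.0, and how tracking sessions, the idea behind the traffic inspection mentioned in the reply above, lets replies through while new connections from 10.1.1.0 stay blocked. The host addresses, ports and the `Router` class are constructed for illustration.

```python
from ipaddress import IPv4Address

def wild_match(addr, net, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) ^ int(IPv4Address(net))) & care == 0

ANY = ("0.0.0.0", "255.255.255.255")
# ACL 101 as posted in the question; entries are (action, src, src_wc, dst, dst_wc).
ACL_101 = [
    ("deny", "10.1.1.0", "0.0.0.255", "30.1.1.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

def acl_action(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wild_match(src, s_net, s_wc) and wild_match(dst, d_net, d_wc):
            return action
    return "deny"

class Router:
    """Hypothetical filter model; inspect=True adds a session table."""
    def __init__(self, acl, inspect=False):
        self.acl, self.inspect, self.sessions = acl, inspect, set()

    def forward(self, src, sport, dst, dport):
        # With inspection, a reply to an already-permitted flow skips the ACL.
        if self.inspect and (src, sport, dst, dport) in self.sessions:
            return True
        if acl_action(self.acl, src, dst) == "deny":
            return False
        if self.inspect:
            self.sessions.add((dst, dport, src, sport))  # expected return flow
        return True

def scenario(inspect):
    """Constructed traffic: PC1 = 10.1.1.10, PC2 = 30.1.1.10 (assumed hosts)."""
    r = Router(ACL_101, inspect)
    return [
        r.forward("30.1.1.10", 40000, "10.1.1.10", 80),  # PC2 opens a session to PC1
        r.forward("10.1.1.10", 80, "30.1.1.10", 40000),  # PC1's reply to PC2
        r.forward("10.1.1.10", 40001, "30.1.1.10", 80),  # PC1 opens a new session
    ]

if __name__ == "__main__":
    print("ACL only      :", scenario(False))  # reply dropped: the symptom in the question
    print("ACL + sessions:", scenario(True))   # reply allowed, new 10.x session still denied
```
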

Community Member

Dear Paul,

 

Thanks...

But it's not working. Please assist.

 

Regards,

Sanjib

VIP Purple

Hello

I assume the routers are performing the routing for these subnets and not the switches. Anyway, your ACL doesn't look correct. Try this:
 

R2

ip access-list extended 101

deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 in

 

or
 

ip access-list extended 101

deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255

permit ip any any

int f0/0

ip access-group 101 out

 

Reverse the ACL for R3 if applicable.

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.