Cisco Support Community
New Member

setting up access-list on sub-network

 

Hi All,

I set up an access-list on Router2 to disallow access from PC1 to PC2 but it didn't work.

PC1: should access PC2, shouldn't access PC0

PC0: should access PC2

I set up,

 

access-list 101 deny ip 192.168.0.127 0.0.0.128 192.168.0.0 0.0.0.128

access-list 101 permit ip any any

 

and I set on Router2,

 

interface gi0/0.2

ip access-group 101 in

 

But still, PC1 can ping to PC0. I also configured on 'interface gi0/0' and it didn't work.

 

What else should I set up to disallow the connection?

 

Thanks in advance,

5 REPLIES
Cisco Employee

Hi,

You cannot filter the traffic between PC0 and PC1 by ACL in an L3 router. Both PC0 and PC1 are in the same subnet/VLAN, so the traffic will flow directly from PC0 to the L2 switch to PC1. You may need to consider the Private VLAN concept, which you can apply in your L2 switch to make them not communicate among themselves but to PC2.

 

-Nagendra

Purple

Those 2 addresses are not in the same subnet; they are using a /25 mask. Try this:

access-list 101 deny ip 192.168.0.128 0.0.0.127 192.168.0.0 0.0.0.127

access-list 101 permit ip any any

 

Also make sure your trunking setup between switch and router is correct.  It should go on the vlan 20 subinterface on the router.
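How Cisco wildcard masks select addresses, applied to the two versions of access-list 101 posted in this thread. This is an added example, not part of any poster's reply; the two host addresses are constructed (one in each /25), since the thread does not give the PCs' addresses.

```python
import ipaddress

# ACL entries as posted in the thread.
ORIGINAL = ["access-list 101 deny ip 192.168.0.127 0.0.0.128 192.168.0.0 0.0.0.128",
            "access-list 101 permit ip any any"]
SUGGESTED = ["access-list 101 deny ip 192.168.0.128 0.0.0.127 192.168.0.0 0.0.0.127",
             "access-list 101 permit ip any any"]

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_ace(line):
    """Parse 'access-list N {permit|deny} ip SRC DST'; SRC/DST is 'any' or 'addr wildcard'."""
    tok = line.split()
    action, rest, specs = tok[2], tok[4:], []
    while rest:
        if rest[0] == "any":
            specs.append((0, 0xFFFFFFFF))      # every bit ignored
            rest = rest[1:]
        else:
            specs.append((ip(rest[0]), ip(rest[1])))
            rest = rest[2:]
    return action, specs[0], specs[1]

def matches(addr, spec):
    """Wildcard bit 1 = ignore that bit, 0 = bit must equal the base address."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (ip(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for line in acl:
        action, s, d = parse_ace(line)
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

def matched_last_octets(spec, prefix="192.168.0."):
    """Which addresses in 192.168.0.0/24 a source or destination spec covers."""
    return [h for h in range(256) if matches(prefix + str(h), spec)]

if __name__ == "__main__":
    UPPER, LOWER = "192.168.0.130", "192.168.0.10"   # constructed hosts, one per /25
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        _, s, d = parse_ace(acl[0])
        print(name, "src:", matched_last_octets(s)[:3], "dst:", matched_last_octets(d)[:3],
              "verdict upper->lower:", evaluate(acl, UPPER, LOWER))
```

With wildcard 0.0.0.128 only the top bit of the last octet is ignored, so the first posted deny entry covers sources .127 and .255 and destinations .0 and .128; with 0.0.0.127 each side covers a whole /25.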

 

New Member

Thanks for your advice but it didn't work.

I will test with PVLAN Edge and let you know the result.

- Dai Sung Choi

New Member

Can you post "show run" of the router?

New Member

I am using 2960s and it only allows PVLAN Edge (protected ports) and will let you know how it goes.

Thanks for your support.

- Dai Sung Choi
