
Configuring VLAN ACL's on a Cisco 2901

Hi,

We have a CISCO 2901 router as a gateway with the internal network 192.168.30.0 0.0.0.255 configured on Interface Gigabit 0/0 and a VLAN for wifi guests 192.168.31.0 0.0.0.255 on Interface Gigabit 0/0.1.

I have tried to configure an ACL on interface 0/0 to block packets from the VLAN on 0/0.1 entering the internal network.

access-list 130 deny   ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.31.0 0.0.0.255 any

But with this config I can still ping from 31 to 30.

If I remove the second line I can't ping from 31-30 but clients inside lose access to the internet. 

 

Can someone suggest a configuration that will achieve the security without losing access to the outside world please. 

Thanks P

2 REPLIES


can you post here

 

sh run

and

sh access-list


Hi,

Could you please bind this ACL to interface 0/0.1, which is the source LAN where you need to block the traffic, and try?

 

HTH

 

Regards

Karthik
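What binding ACL 130 to 0/0.1 does to each flow, as an added example that is not part of the thread or Cisco's own code: a small Python model of extended-ACL evaluation (wildcard masks, first match wins, implicit deny at the end). It assumes the ACL is applied inbound on the guest subinterface (`ip access-group 130 in`); the thread does not state the direction. The host addresses and the function names are constructed for the illustration.

```python
import ipaddress

IMPLICIT_DENY = "deny"  # IOS ends every ACL with an unwritten "deny ip any any"
ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 130 as posted in the question: (action, source, destination)
ACL_130 = [
    ("deny",   ("192.168.31.0", "0.0.0.255"), ("192.168.30.0", "0.0.0.255")),
    ("permit", ("192.168.31.0", "0.0.0.255"), ANY),
]

def evaluate(acl, src, dst):
    """Top-down, first match wins; no match falls through to the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return IMPLICIT_DENY

def forwarded(acl, bound_if, ingress_if, src, dst):
    """Inbound ACL on bound_if: only packets arriving on that interface are checked."""
    if ingress_if != bound_if:
        return True  # this model has no ACL on any other interface
    return evaluate(acl, src, dst) == "permit"

# Constructed sample hosts (assumptions, not from the thread)
GUEST, INTERNAL, INTERNET = "192.168.31.10", "192.168.30.5", "203.0.113.10"

if __name__ == "__main__":
    flows = (
        ("guest -> internal", "Gi0/0.1", GUEST, INTERNAL),
        ("guest -> internet", "Gi0/0.1", GUEST, INTERNET),
        ("internal -> internet", "Gi0/0", INTERNAL, INTERNET),
    )
    for name, acl in (("both lines", ACL_130), ("deny line only", ACL_130[:1])):
        print(name)
        for label, ingress, src, dst in flows:
            ok = forwarded(acl, "Gi0/0.1", ingress, src, dst)
            print(f"  {label:22} {'forwarded' if ok else 'dropped'}")
```

In this model the permit line is what keeps guest internet access alive: with only the deny line, every other guest packet falls through to the implicit deny.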

 

 


 
