Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
652
Views
0
Helpful
0
Comments

Cisco 2901 configuring ACL between interfaces.

pauljackson2
Level 1
Level 1

‎06-19-2014 03:47 PM - edited ‎03-08-2019 06:55 PM

Hi,

We have a CISCO 2901 router as a gateway with the internal network 192.168.30.0 0.0.0.255 configured on Interface Gigbit 0/0 and a VLAN for wifi guests 192.168.31.0 0.0.0.255 on Interface Gigabit 0/0.1 

I have tried to configure ACL on interface 0/0 to block packets from VLAN on 0/0.1 entering the internal network. 

access-list 130 deny   ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.31.0 0.0.0.255 any

But with this config I can still ping from 31 to 30 

If I remove the second line I can't ping from 31-30 but clients inside lose access to the internet. 

 

Can someone suggest a configuration that will achieve the security without losing access to the outside world please. 

Thanks P

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents