ACL Packet Tracer Question

oneofthose — Tue, 12 Mar 2019 05:44:39 GMT

Currently practicing configuring ACLS on packet tracer and I am having trouble doing so. My scenario is that i have 3 vlans VLAN 10 sales Vlan 20 management Vlan 30 admin. I want to only permit vlan 30 to only have the access to the server and to deny vlan 10 and 20 access.

access-list 100 access-list 100 permit ip 192.168.0.0 0.0.0.31 192.168.10.2 0.0.0.0

access-list 100 access-list 100 deny ip any192.168.10.2 0.0.0.0

int fa0/0.30

ip access-group 100 in

When i do this it denies vlan 30 from pinging anything and vlan 10 and 20 can still ping radius server.

Hope anyone can help. Thanks

First point, you don't have

ryancisco01 — Wed, 08 Apr 2015 01:49:53 GMT

First point, you don't have an access list on vlan 10 and 20. So therefore all traffic will be allowed through on those vlans. You have applied to your access list to sub interface 30, meaning sub interface 10 and 20 traffic is not inspected.

As for vlan 30, access-list looks a bit jumbled but it should work. This is what i would do:

access-list 100 permit ip 192.168.0.0 0.0.0.31 host 192.168.10.2 log

access-list 100 deny ip any any log

Remember there is an implicit deny any at the bottom so any deny at the bottom is not needed, but in this case I have put it there with log keyword, so after you try your traffic do show access-list 100. and see what line has hit count increasing, that will indicate which rule the traffic is matching.

topic First point, you don't have in Network Security

ACL Packet Tracer Question

First point, you don't have