ACL standard block a specfic host from accessing a specific host

impostorhd · ‎12-12-2022

Hi,

As the title says how to block a host from accessing specific host but excluded the other one?

More specifically, I want to prevent Host A from accessing Host C and D using standard acl.

I tried doing `access-list 20 deny host <host A IP> host <host B IP> but it does not work returns an error, I saw this syntax from a forum(can't find the link) my cisco packet tracer version is 8.2.0 and I have also tried doing this on switch using:

1. access-list 20 deny host <host A IP>

2. access-list 20 permit any

3. int fa0/1 (the interface of Host C connecting to the switch in the image)

4. ip access-group 20 in (shows an error that ip access-group is not recognized).

What is the workaround here, how can I apply the access-list 20 to block Host A from accessing host C and D?

Thanks in advance!

MHM Cisco World · ‎12-13-2022

you can use PACL or VACL in SW but using RACL in router will not work here because the traffic is bridging in SW not routing in Router, this because Host have same subnet so they DONT ask Router to forward traffic within same subnet.

impostorhd · ‎12-13-2022

Hi,

It seems like VACL is the solution to my problem , I tried following this article and this but unfortunately returns an unrecognized commands from first article the error starts with this line:

vlan access-map NOT-TO-SERVER 10

It points out that the `access-map` is unrecognized, maybe I will try and install an older version of Cisco Packet Tracer, anyway.

Thanks for answering!

MHM Cisco World · ‎12-14-2022

You are so so welcome