
ACL configure

azerty800e
Level 1

Hello,

I want to create an ACL on Cisco to prevent one network from communicating with others except for the internet. I managed to block the communication, but I lost internet access. I think I'm missing something.

List of my networks:

Network 1: 192.168.1.0/24
Network 2: 192.168.2.0/24
Network 3: 192.168.3.0/24
Network 4: 192.168.4.0/24
Network 5: 192.168.5.0/24 (connected to another router that connects to the internet)

Network 1 should not be able to communicate with other networks except for Network 5.

Can you help me with the commands? Should I use a standard ACL or an extended one?

Thank you for your assistance.


You need an extended ACL.

The order is important:

1- Deny ip from your subnet to the other subnets

2- Permit ip any any

If there is a server in the other subnet, use permit with the L4 port (the L4 port the server uses).

MHM

Thanks for the reply. Can't I do a deny any at the end?

permit any is ok, but I would like to make it deny any. Possible?

There are two approaches:

1- Start the ACL with deny and end it with permit any any

2- Start with permit and end with deny any any

Here you mention you want to prevent your network from connecting to the other subnets and allow access to the internet.

So first deny your subnet from connecting to the other subnets, then permit any any (since we don't know which IP the host will connect to).

MHM
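The two orderings described above, written out as IOS extended ACLs for the networks listed in the question (an added example, not from any poster; the ACL names and the interface name are assumed):

```cisco
! Approach 1 (accepted answer): explicit denies first, permit any any last.
! Internet-bound traffic never matches a deny line, so it falls through to the permit.
ip access-list extended NET1-ISOLATION
 remark Block Network 1 from reaching Networks 2-4; everything else (incl. Net 5/internet) allowed
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip any any
!
! Approach 2 (deny any any at the end, as asked in the follow-up): the internet is
! only reachable because the permit line is "any" as destination, not just Network 5.
! A permit limited to 192.168.5.0/24 followed by deny any any is what drops internet access.
ip access-list extended NET1-ISOLATION-STRICT
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
 deny   ip any any log
!
! Apply inbound on the interface facing Network 1 (interface name assumed).
interface GigabitEthernet0/1
 description Network 1 - 192.168.1.0/24
 ip access-group NET1-ISOLATION in
!
! Verify which lines are being hit after generating test traffic.
do show access-lists NET1-ISOLATION
```

The strict variant also drops packets arriving on that interface with a source outside 192.168.1.0/24, so the `log` keyword on the final deny gives you visibility of anything unexpected.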

balaji.bandi
Hall of Fame

What device is this and what code is it running? Depending on the device, you need to apply the ACL IN or OUT on the interface where the traffic originates from or is leaving to.

Check the documents below for examples:

https://community.cisco.com/t5/networking-knowledge-base/cisco-access-control-lists-acl/ta-p/4182349

https://www.ciscopress.com/articles/article.asp?p=1697887

BB

***** Rate All Helpful Responses *****
