02-28-2020 07:54 AM - edited 02-28-2020 07:56 AM
Hello All,
I am trying to configure an extended ACL for my R2-NY. I want to deny ssh traffic from my 192.168.20.0/25 and made sure the direction is inbound.
The statement is below:
10 deny tcp 192.168.20.0 0.0.0.127 any eq 22
20 permit ip any any
However, it seems to not working. Could someone help me? For more info, please see my attachment containing the Packet Tracer file (you will need the latest version of Packet Tracer to open it). Also, R2-NY has a username and password. They are admin1 and password is ciscorouter2.
Solved! Go to Solution.
02-28-2020 08:39 AM
The ACL must be applied to the subinterface that will filter the packets:
R2-NY(config)#int g0/2.20
R2-NY(config-subif)#ip access-group R2-NY in
R2-NY(config-subif)#exit
After that application, the filter works(in the image, I tested SSH before application and after application):
Regards
02-28-2020 08:39 AM
The ACL must be applied to the subinterface that will filter the packets:
R2-NY(config)#int g0/2.20
R2-NY(config-subif)#ip access-group R2-NY in
R2-NY(config-subif)#exit
After that application, the filter works(in the image, I tested SSH before application and after application):
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide