02-28-2020 07:54 AM - edited 02-28-2020 07:56 AM
Hello All,
I am trying to configure an extended ACL for my R2-NY. I want to deny SSH traffic from my 192.168.20.0/25 network and have made sure the direction is inbound.
The statement is below:
10 deny tcp 192.168.20.0 0.0.0.127 any eq 22
20 permit ip any any
However, it seems to not be working. Could someone help me? For more info, please see my attachment containing the Packet Tracer file (you will need the latest version of Packet Tracer to open it). Also, R2-NY has a username and password. They are admin1 and the password is ciscorouter2.
Accepted Solutions
02-28-2020 08:39 AM
The ACL must be applied to the subinterface that will filter the packets:
R2-NY(config)#int g0/2.20
R2-NY(config-subif)#ip access-group R2-NY in
R2-NY(config-subif)#exit
After that application, the filter works (in the image, I tested SSH before application and after application):
Regards
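The behaviour discussed in this thread, modelled as an added Python example (not part of the original posts and not Cisco code): an extended ACL is evaluated first-match with wildcard masks, and it filters nothing until it is bound to an interface. Only the two ACL lines, the ACL name R2-NY and the subinterface g0/2.20 come from the thread; the helper names and the sample source hosts are constructed for illustration.

```python
import ipaddress

# The ACL from the question (name R2-NY taken from the accepted answer).
ACLS = {"R2-NY": "10 deny tcp 192.168.20.0 0.0.0.127 any eq 22\n20 permit ip any any\n"}

def parse_ace(line):
    """Parse '<seq> <action> <proto> <src> any [eq <port>]' (the shapes used here)."""
    tok = line.split()
    seq, action, proto, rest = int(tok[0]), tok[1], tok[2], tok[3:]
    if rest[0] == "any":
        src, wild, rest = 0, 0xFFFFFFFF, rest[1:]
    else:
        src = int(ipaddress.IPv4Address(rest[0]))
        wild = int(ipaddress.IPv4Address(rest[1]))
        rest = rest[2:]
    if rest[0] != "any":
        raise ValueError("this sketch only handles destination 'any'")
    port = int(rest[2]) if rest[1:2] == ["eq"] else None
    return {"seq": seq, "action": action, "proto": proto,
            "src": src, "wild": wild, "port": port}

def ace_matches(ace, proto, src_ip, dport):
    if ace["proto"] not in ("ip", proto):
        return False
    s = int(ipaddress.IPv4Address(src_ip))
    # Wildcard mask: bits set to 1 are "don't care", bits set to 0 must match.
    if (s ^ ace["src"]) & ~ace["wild"] & 0xFFFFFFFF:
        return False
    return ace["port"] is None or ace["port"] == dport

def evaluate(acl_text, proto, src_ip, dport):
    """First matching entry wins; an implicit deny ends every ACL."""
    for ace in map(parse_ace, acl_text.strip().splitlines()):
        if ace_matches(ace, proto, src_ip, dport):
            return ace["action"], ace["seq"]
    return "deny", None

def inbound_verdict(bindings, interface, proto, src_ip, dport):
    """bindings: interface -> ACL name set by 'ip access-group <name> in'."""
    name = bindings.get(interface)
    if name is None:
        return "permit"  # no ACL bound inbound: the interface filters nothing
    return evaluate(ACLS[name], proto, src_ip, dport)[0]

if __name__ == "__main__":
    host = "192.168.20.10"  # constructed sample host inside 192.168.20.0/25
    print("before binding:", inbound_verdict({}, "g0/2.20", "tcp", host, 22))
    print("after binding: ",
          inbound_verdict({"g0/2.20": "R2-NY"}, "g0/2.20", "tcp", host, 22))
```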
