
Extended ACLs Not Working

Hello All,

I am trying to configure an extended ACL for my R2-NY. I want to deny SSH traffic from my 192.168.20.0/25 and made sure the direction is inbound.

The statement is below:

10 deny tcp 192.168.20.0 0.0.0.127 any eq 22

20 permit ip any any

However, it seems to not be working. Could someone help me? For more info, please see my attachment containing the Packet Tracer file (you will need the latest version of Packet Tracer to open it). Also, R2-NY has a username and password. The username is admin1 and the password is ciscorouter2.

Accepted Solutions

luis_cordova
VIP Alumni

Hi @mitsuyukiwashida

The ACL must be applied to the subinterface that will filter the packets:

R2-NY(config)#int g0/2.20

R2-NY(config-subif)#ip access-group R2-NY in

R2-NY(config-subif)#exit

After that application, the filter works (in the image, I tested SSH before application and after application):

12.jpg

Regards
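
The failure in this thread (an ACL that is defined but never bound to an interface) can be caught by auditing a saved configuration; the following is an added example, not part of either post or of the poster's Packet Tracer file. The config excerpts are constructed, the subinterface addressing and encapsulation lines are assumptions, and the function names `acl_bindings` and `unapplied_acls` are hypothetical.

```python
import re

# Constructed running-config excerpts (not from the poster's Packet Tracer file).
# The encapsulation and ip address lines on the subinterface are assumptions.
ACL_BLOCK = """\
ip access-list extended R2-NY
 10 deny tcp 192.168.20.0 0.0.0.127 any eq 22
 20 permit ip any any
!
"""
BEFORE = ACL_BLOCK + """\
interface GigabitEthernet0/2.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.128
!
"""
AFTER = ACL_BLOCK + """\
interface GigabitEthernet0/2.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.128
 ip access-group R2-NY in
!
"""

# Only interface-level "ip access-group" bindings are considered here.
ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
IFACE = re.compile(r"^interface (\S+)")
BINDING = re.compile(r"^\s+ip access-group (\S+) (in|out)\b")


def acl_bindings(config):
    """Map each ACL name to the (interface, direction) pairs that apply it."""
    bindings, iface = {}, None
    for line in config.splitlines():
        if m := ACL_DEF.match(line):
            bindings.setdefault(m.group(1), [])
            iface = None
        elif m := IFACE.match(line):
            iface = m.group(1)
        elif not line.startswith(" "):
            iface = None  # any other top-level line ends the interface block
        elif iface and (m := BINDING.match(line)):
            bindings.setdefault(m.group(1), []).append((iface, m.group(2)))
    return bindings


def unapplied_acls(config):
    """Names of ACLs that are defined but bound to no interface."""
    return sorted(name for name, b in acl_bindings(config).items() if not b)
```

An ACL that is used only outside an interface (for example with `access-class` on vty lines) is also reported as unapplied by this check, so review those hits by hand.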
