04-23-2020 02:29 PM
Hi experts, what is the best practice to perform the above requirement by using an ACL?
I was thinking about using routers, but they won't drop the ping in the same network.
Also, somehow my switch (2960) doesn't support access-group mode.
Could you give me some advice?
Thanks a lot
Will
04-23-2020 02:46 PM
04-24-2020 08:51 AM
04-23-2020 02:47 PM
Hi @will75136
When the request includes source, destination, and a protocol, an extended ACL should be used.
It is always recommended to configure and apply this type of ACL as close to the origin as possible.
In your case, it would be advisable to create and apply the ACL on the R5 and R6 routers.
Regards
04-23-2020 02:58 PM
04-23-2020 03:04 PM - edited 04-23-2020 03:08 PM
Hi @will75136
Pinging within the same network cannot be filtered with the methods proposed in your exercise.
However, there is no indication that pinging the other host should be denied.
The only ping denial must be between host 192.168.3.2 and host 192.168.1.2.
I also remind you that at the end of all the lines of every ACL there is an implicit denial.
Therefore, to avoid all other connectivity being denied, you must enter the permit ip any any line at the end of your ACL.
Regards
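
The behaviour described in the two replies above, as an added example that is not part of the original thread: a small Python model of first-match evaluation over a subset of IOS extended-ACL syntax, showing the implicit deny with and without the trailing permit ip any any, and why same-subnet pings never reach a router ACL. The /24 mask, the neighbour addresses 192.168.1.3 and 192.168.3.3, and all function names are assumptions made for the illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse '<permit|deny> <ip|icmp|tcp|udp> <host A|any> <host B|any>',
    a small subset of IOS extended-ACL syntax (no wildcard masks or ports)."""
    tok = line.split()
    action, proto, rest, addrs = tok[0], tok[1], tok[2:], []
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in {line!r}")
    while len(addrs) < 2:
        if rest[:1] == ["any"]:
            addrs.append(None)
            rest = rest[1:]
        elif rest[:1] == ["host"] and len(rest) >= 2:
            addrs.append(ipaddress.ip_address(rest[1]))
            rest = rest[2:]
        else:
            raise ValueError(f"unsupported address form in {line!r}")
    return action, proto, addrs[0], addrs[1]

def evaluate(acl_lines, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    for line in acl_lines:
        action, proto, a_src, a_dst = parse_ace(line)
        if proto not in ("ip", pkt["proto"]):
            continue  # entry is for a different protocol
        if a_src not in (None, src) or a_dst not in (None, dst):
            continue  # source or destination does not match
        return action
    return "deny"  # implicit deny that ends every ACL

def crosses_router(pkt, prefixlen=24):
    """False when both hosts share a subnet: the frame is switched at layer 2
    and no router ACL sees it. The /24 mask is an assumption."""
    net = ipaddress.ip_network(f"{pkt['src']}/{prefixlen}", strict=False)
    return ipaddress.ip_address(pkt["dst"]) not in net

# Entries built from the two host addresses named in the thread.
ACL_DENY_ONLY = ["deny icmp host 192.168.3.2 host 192.168.1.2"]
ACL_WITH_PERMIT = ACL_DENY_ONLY + ["permit ip any any"]

# Constructed sample packets; 192.168.1.3 and 192.168.3.3 are made-up neighbours.
PING_BLOCKED = {"proto": "icmp", "src": "192.168.3.2", "dst": "192.168.1.2"}
PING_OTHER = {"proto": "icmp", "src": "192.168.3.2", "dst": "192.168.1.3"}
TCP_SAME_PAIR = {"proto": "tcp", "src": "192.168.3.2", "dst": "192.168.1.2"}
PING_SAME_NET = {"proto": "icmp", "src": "192.168.3.2", "dst": "192.168.3.3"}

if __name__ == "__main__":
    for p in (PING_BLOCKED, PING_OTHER, TCP_SAME_PAIR, PING_SAME_NET):
        print(p, evaluate(ACL_DENY_ONLY, p), evaluate(ACL_WITH_PERMIT, p), crosses_router(p))
```

With only the deny entry, every packet falls through to the implicit deny; adding the final permit leaves just the ICMP traffic from 192.168.3.2 to 192.168.1.2 blocked.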