
ACL on switch in router on a stick

christoffer92
Level 1

Hello! I have set up a simple network with 3 networks and I want to deny access to a server on a different subnet.

I have tried setting up an ACL on the router and the switch without success.

Is this possible?

Thanks!

Accepted Solutions

It's simple.
R2 has IP 10.0.0.100.
R3 has IP 20.0.0.100.
R1 is the default gateway, and it is the router on a stick.
I only apply the ACL, with direction OUT, on the subinterface of 10.0.0.0/24 in R1.
The ACL allows only:
icmp echo-reply
icmp unreachable

This makes R2 able to ping R3 and get replies to its pings, BUT R3 cannot ping R2.

3 Replies

@christoffer92 assuming the router is doing the inter-VLAN routing, create an extended ACL to deny traffic to the server and permit the rest of the traffic. Apply this ACL inbound on the VLAN the PC is connected to.

If that doesn't work, provide the configuration for review.

reginaldjohnson
Level 1

Add the ACL to the server VLAN or interface VLAN. 
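
The two ACL placements discussed in this thread, written out as IOS configuration for R1. This is an added example, not configuration posted by any participant; the interface names, VLAN IDs 10 and 20, the .1 gateway addresses, the ACL names, and the choice of 10.0.0.100 as the server to protect are assumptions.

```cisco
! Added example for R1 (router on a stick). Assumed: Gi0/0 trunk, VLANs 10/20,
! gateways .1, ACL names, and 10.0.0.100 as the server to protect.
! Inter-VLAN traffic is routed on R1's subinterfaces, so the ACL is bound there.
!
! Option A (first reply): deny clients in 20.0.0.0/24 to the server, permit the
! rest, applied inbound on the client VLAN's subinterface.
ip access-list extended DENY-TO-SERVER
 deny   ip 20.0.0.0 0.0.0.255 host 10.0.0.100
 permit ip any any
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 20.0.0.1 255.255.255.0
 ip access-group DENY-TO-SERVER in
!
! Option B (accepted solution): permit only ICMP echo-reply and unreachable,
! applied outbound on the 10.0.0.0/24 subinterface. The implicit deny at the
! end drops everything else routed toward 10.0.0.0/24, including echo requests
! from 20.0.0.100 and any TCP/UDP traffic.
ip access-list extended ICMP-REPLIES-ONLY
 permit icmp any any echo-reply
 permit icmp any any unreachable
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.0.1 255.255.255.0
 ip access-group ICMP-REPLIES-ONLY out
!
! The two options are alternatives. Check the binding and hit counters with:
!   show ip interface GigabitEthernet0/0.20 | include access list
!   show ip access-lists DENY-TO-SERVER
```

These ACLs are stateless: Option A also drops replies from 20.0.0.0/24 hosts to connections the server itself initiates, because the deny entry matches every IP packet from that subnet to 10.0.0.100.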
