12-03-2022 08:15 AM - edited 12-03-2022 08:15 AM
Hello! I have set up a simple network with 3 networks and I want to deny access to a server on a different subnet.
I have tried setting up an ACL on the router and the switch without success.
Is this possible?
Thanks!
12-03-2022 10:41 AM
It's simple.
R2 has IP 10.0.0.100
R3 has IP 20.0.0.100
R1 is the default gateway and it is a router on a stick.
I only apply the ACL in the OUT direction on the subinterface of 10.0.0.0/24 on R1.
The ACL allows only:
icmp echo-reply
icmp unreachable
This lets R2 ping R3 and get replies to its pings, BUT R3 cannot ping R2.
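The setup described in the reply above, written out as IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface name GigabitEthernet0/0, the VLAN IDs 10 and 20, the ACL name TO-NET10 and the gateway addresses 10.0.0.1 and 20.0.0.1 are assumptions.

```cisco
! Assumed names and addresses (not from the thread): GigabitEthernet0/0,
! VLAN IDs 10 and 20, ACL name TO-NET10, gateway addresses ending in .1.
!
ip access-list extended TO-NET10
 remark Only ICMP replies and unreachables may be sent toward 10.0.0.0/24
 permit icmp any any echo-reply
 permit icmp any any unreachable
 ! The implicit "deny ip any any" follows. Echo requests from 20.0.0.100
 ! to 10.0.0.100 are dropped here, and so is every other protocol that
 ! R1 routes toward 10.0.0.0/24.
!
interface GigabitEthernet0/0
 no shutdown
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.0.1 255.255.255.0
 ! Outbound = traffic R1 forwards out of this subinterface into VLAN 10
 ip access-group TO-NET10 out
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 20.0.0.1 255.255.255.0
!
! Check the match counters after pinging in each direction:
!   show access-lists TO-NET10
!   show ip interface GigabitEthernet0/0.10
```

Because the ACL permits nothing but these two ICMP types, hosts on 10.0.0.0/24 also stop receiving TCP and UDP from other subnets; add explicit permit lines above the implicit deny for any service that must still reach them.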
12-03-2022 08:51 AM
@christoffer92 assuming the router is doing the inter-VLAN routing, create an extended ACL to deny traffic to the server and permit the rest of the traffic. Apply this ACL inbound on the VLAN the PC is connected to.
If that doesn't work, provide the configuration for review.
12-04-2022 07:10 PM
Add the ACL to the server VLAN or interface VLAN.