cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
359
Views
0
Helpful
2
Replies
Highlighted
Beginner

ACL Question

Hello All,

I really need your support to resolve this issue 

Please refer the diagram and config

I need to stop Branch office to  access Head office Subnet  192.168.0.1/24

Also Head office VLAN 20 (192.168.0.1/24) should have  internet access only . (No VLAN 10 or  branch Office network).

Both Branch office and VLAN 20 in head office in same IP range and currently branch office can access Head office VLAN 20 .

I really cannot find a way to stop branch office  accessing  HO VLAN 20

Many Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi,

ACL can be applied either in IN or OUT direction both have there own significance...

Inbound refers to packets coming in to the interface.

Outbound refers to packets going out from the interface.

Lets see example ..

PC-->fa0/0 (R1) Fa0/11 -->R2

So if PC is connected to R1 (we will assume interface Fa0/0) and R1's connection to R2 is using interface Fa0/11 the traffic flow for your ping packet would be;

Packet comes in to interface Fa0/0 on R1 from PC. Packet goes out from R1 to R2 on interface Fa0/11.

So as you can think and apply the ACL based on your traffic flow ..

Hope it Helps..

-GI

View solution in original post

2 REPLIES 2
Highlighted

Hi,

ACL can be applied either in IN or OUT direction both have there own significance...

Inbound refers to packets coming in to the interface.

Outbound refers to packets going out from the interface.

Lets see example ..

PC-->fa0/0 (R1) Fa0/11 -->R2

So if PC is connected to R1 (we will assume interface Fa0/0) and R1's connection to R2 is using interface Fa0/11 the traffic flow for your ping packet would be;

Packet comes in to interface Fa0/0 on R1 from PC. Packet goes out from R1 to R2 on interface Fa0/11.

So as you can think and apply the ACL based on your traffic flow ..

Hope it Helps..

-GI

View solution in original post

Highlighted

Hello Thanks for the reply.

I still in trouble to applying the correct ACL as both Branch office and Head office subents are same numbers. (192.18.0.0/24

the real issue is 

Branch office has a IP telephone box and the IP address assigned to the IP PBX is 192.168.0.10

and Head office VLAN 20 also has another PC or server assigned  with Same IP address .(cannot change this )

I recently configured VLAN 20 in HO router and  suddenly  IP phone system stopped working as 

when Branch office IP PBX transferred a call to head office ,the head office router start forwarding traffic in 192.168.0.10 in VLAN to instead of talking to the branch office IP pbx .(simply couldn't find the correct destination)