Create an ACL
09-01-2017 10:40 AM - edited 03-05-2019 09:04 AM
Hi,
I have 2 SSIDs that make their own networks. Let's say one uses a DHCP pool of 192.172.1.0 and the other uses 10.10.10.0. I've tried making my own and then pinging each other to make sure that it's not going through, but it still does. Below is how I've tried setting them up myself:
ip access-list standard test
deny 198.172.1.0 0.0.255.255
permit 10.10.10.0 0.0.255.255
ip access-list standard test2
deny 10.10.10.0 0.0.255.255
permit 198.172.1.0 0.0.255.255
I've tried just applying one of them to one as well as one to each of the VLANs, and it never stops the ping from going through. Am I making these correctly?
09-01-2017 11:10 AM
As an example, try an extended ACL instead like below, then you would apply in and out on each interface so it's blocked both ways from speaking to each other's subnet. If it's just ping you're blocking, change it to pdeny TCP and add the icmp at the end of the line
ip access-list extended Mark
deny ip 99.99.99.0 0.0.0.255 89.89.89.0 0.0.0.255
permit ip any any
09-05-2017 11:21 AM
So would I do it like the following:
First make the list:
ip access-list extended test
deny ip 192.172.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any
Then:
interface vlan 2
ip access-group test in
interface vlan 3
ip access-group test out
Is this how I would do it? I'm not entirely sure how to apply in and out, so this is my current understanding of how I would do this.
09-01-2017 12:06 PM - edited 09-01-2017 12:35 PM
Hi
Are you applying it in the inbound direction? Example:
interface vlan 10
ip access-group test in
Try using extended ACL as Mark mentioned previously.
>> Mark as helpful or answered if the reply resolved your question; this helps future queries from other members of the community. <<
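
Added example, not part of any post in this thread: a simplified Python model of how IOS evaluates the extended ACL "test" from the follow-up post (wildcard match, first match wins, implicit deny) and of which packets meet it when it is bound "in" on VLAN 2 and "out" on VLAN 3. Assumptions: VLAN 2 carries 192.172.1.0/24 and VLAN 3 carries 10.10.10.0/24; the two host addresses and the TEST_MIRRORED list are constructed for illustration.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 1 bits are ignored, 0 bits must match."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def evaluate(acl, src, dst):
    """Top-down, first match wins; falling off the end is the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
# Extended ACL "test" exactly as written in the follow-up post.
TEST = [("deny", ("192.172.1.0", "0.0.0.255"), ("10.10.10.0", "0.0.0.255")),
        ("permit", ANY, ANY)]
# Hypothetical variant: the same list with the mirrored deny entry in front.
TEST_MIRRORED = [("deny", ("10.10.10.0", "0.0.0.255"), ("192.172.1.0", "0.0.0.255"))] + TEST

# Assumption: VLAN 2 carries 192.172.1.0/24 and VLAN 3 carries 10.10.10.0/24.
VLAN_NET = {2: ipaddress.ip_network("192.172.1.0/24"),
            3: ipaddress.ip_network("10.10.10.0/24")}

def vlan_of(addr):
    return next(v for v, n in VLAN_NET.items() if ipaddress.ip_address(addr) in n)

def forwarded(src, dst, bindings):
    """A routed packet meets the 'in' ACL of its ingress SVI, then the 'out' ACL of its egress SVI."""
    for hook in ((vlan_of(src), "in"), (vlan_of(dst), "out")):
        acl = bindings.get(hook)
        if acl is not None and evaluate(acl, src, dst) == "deny":
            return False
    return True

def ping_ok(a, b, bindings):
    """Ping needs the echo request a->b and the echo reply b->a to both be forwarded."""
    return forwarded(a, b, bindings) and forwarded(b, a, bindings)

A, B = "192.172.1.10", "10.10.10.10"          # constructed sample hosts
AS_POSTED = {(2, "in"): TEST, (3, "out"): TEST}
BOTH_WAYS = {(2, "in"): TEST_MIRRORED, (3, "in"): TEST_MIRRORED}

if __name__ == "__main__":
    for name, b in (("as posted", AS_POSTED), ("mirrored", BOTH_WAYS)):
        print(name, forwarded(A, B, b), forwarded(B, A, b), ping_ok(A, B, b))
```

In this model the bindings from the follow-up post stop ping in both directions, because either the echo request or the echo reply leaving 192.172.1.x is dropped, while one-way traffic from 10.10.10.x to 192.172.1.x is still forwarded until a mirrored deny entry is present.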
