09-01-2017 10:40 AM - edited 03-05-2019 09:04 AM
Hi,
I have 2 SSIDs that make their own networks. Let's say one uses a DHCP pool of 192.172.1.0 and the other uses 10.10.10.0. I've tried making my own and then pinging each other to make sure that it's not going through, but it still does. Below is how I've tried setting them up myself:
ip access-list standard test
 deny 198.172.1.0 0.0.255.255
 permit 10.10.10.0 0.0.255.255
ip access-list standard test2
 deny 10.10.10.0 0.0.255.255
 permit 198.172.1.0 0.0.255.255
I've tried just applying one of them to one, as well as one to each of the VLANs, and it never stops the ping from going through. Am I making these correctly?
09-01-2017 11:10 AM
As an example, try an extended ACL instead, like below. Then you would apply it in and out on each interface so it's blocked both ways from speaking to each other's subnet. If it's just ping you're blocking, change it to deny TCP and add the icmp at the end of the line.
ip access-list extended Mark
 deny ip 99.99.99.0 0.0.0.255 89.89.89.0 0.0.0.255
 permit ip any any
09-05-2017 11:21 AM
So would I do it like the following:
First make the list:
ip access-list extended test
 deny ip 192.172.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip any any
Then:
interface vlan 2
 ip access-group test in
interface vlan 3
 ip access-group test out
Is this how I would do it? I'm not entirely sure how to apply in and out, so this is my current understanding of how I would do this.
09-01-2017 12:06 PM - edited 09-01-2017 12:35 PM
Hi
Are you applying it in the inbound direction? Example:
interface vlan 10
 ip access-group test in
Try using an extended ACL as Mark mentioned previously.
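
Added example, not part of any post in this thread: a small Python model of how IOS matches ACL entries (wildcard-mask comparison, first match wins, implicit deny at the end), run against the extended ACL "test" from the thread. The host addresses and the mirrored ACL BOTH_WAYS are constructed for illustration; only the "ip" protocol keyword and "any" are handled.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_extended(lines):
    """Parse '<action> ip <src> <wc> <dst> <wc>' entries; 'any' is allowed."""
    entries = []
    for line in lines:
        tok = line.split()
        action, rest = tok[0], tok[2:]
        pairs = []
        while rest:
            if rest[0] == "any":
                pairs.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            else:
                pairs.append((rest[0], rest[1]))
                rest = rest[2:]
        entries.append((action, pairs[0], pairs[1]))
    return entries

def evaluate(entries, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, (s, sw), (d, dw) in entries:
        if wild_match(src, s, sw) and wild_match(dst, d, dw):
            return action
    return "deny"

# ACL "test" exactly as posted in the thread.
ACL_TEST = parse_extended([
    "deny ip 192.172.1.0 0.0.0.255 10.10.10.0 0.0.0.255",
    "permit ip any any",
])

# Constructed variant: the same deny mirrored so both directions are matched.
BOTH_WAYS = parse_extended([
    "deny ip 192.172.1.0 0.0.0.255 10.10.10.0 0.0.0.255",
    "deny ip 10.10.10.0 0.0.0.255 192.172.1.0 0.0.0.255",
    "permit ip any any",
])

if __name__ == "__main__":
    for acl, name in ((ACL_TEST, "test"), (BOTH_WAYS, "both-ways")):
        print(name, evaluate(acl, "192.172.1.5", "10.10.10.5"),
              evaluate(acl, "10.10.10.5", "192.172.1.5"))
```

The single deny entry only matches packets sourced from 192.172.1.x, so traffic initiated from 10.10.10.x toward 192.172.1.x still matches "permit ip any any" wherever that ACL is the one evaluated.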