Create an ACL

Ed Lo
Level 1

Hi,

I have 2 SSIDs that make their own networks. Let's say one uses a DHCP pool of 192.172.1.0 and the other uses 10.10.10.0. I've tried making my own and then pinging each other to make sure that it's not going through, but it still does. Below is how I've tried setting them up myself:

ip access-list standard test
deny 198.172.1.0 0.0.255.255
permit 10.10.10.0 0.0.255.255


ip access-list standard test2
deny 10.10.10.0 0.0.255.255
permit 198.172.1.0 0.0.255.255

 

I've tried just applying one of them to one, as well as one to each of the VLANs, and it never stops the ping from going through. Am I making these correctly?

3 Replies

Mark Malone
VIP Alumni

As an example, try an extended ACL instead, like below. Then you would apply it in and out on each interface so it's blocked both ways from speaking to each other's subnet. If it's just ping you're blocking, change it to deny TCP and add the icmp at the end of the line.

 

ip access-list extended Mark
 deny   ip 99.99.99.0 0.0.0.255 89.89.89.0 0.0.0.255
 permit ip any any

 

 

So would I do it like the following:

First make the list:

ip access-list extended test
deny ip 192.172.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any

 

Then:

interface vlan 2

ip access-group test in

 

interface vlan 3

ip access-group test out

 

Is this how I would do it? I'm not entirely sure how to apply in and out, so this is my current understanding of how I would do this.

 

Hi

Are you applying it in the inbound direction? Example:

interface vlan 10

ip access-group test in

 

Try using extended ACL as Mark mentioned previously. 




>> Mark as helpful or answered if the reply resolved the question; this helps future queries from other members of the community. <<
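The following is an added example, not part of any poster's reply: a small Python evaluator that runs the ACL entries quoted in the thread through IOS matching rules (wildcard masks, first match wins, implicit deny at the end, standard lists testing the source address only). The host addresses `HOST_A` and `HOST_B` and all function names are constructed for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny.

    Each entry is (action, src_base, src_wc, dst_base, dst_wc); a standard
    ACL entry has dst_base None because standard lists test the source only.
    """
    for action, sb, sw, db, dw in acl:
        if wc_match(src, sb, sw) and (db is None or wc_match(dst, db, dw)):
            return action
    return "deny (implicit)"

ANY = ("0.0.0.0", "255.255.255.255")

# Standard list "test" exactly as posted in the question.
STD_TEST = [
    ("deny", "198.172.1.0", "0.0.255.255", None, None),
    ("permit", "10.10.10.0", "0.0.255.255", None, None),
]
# Extended list "test" exactly as posted in the follow-up.
EXT_TEST = [
    ("deny", "192.172.1.0", "0.0.0.255", "10.10.10.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]

# Constructed host addresses, one per subnet named in the thread.
HOST_A, HOST_B = "192.172.1.10", "10.10.10.10"

def report():
    """Evaluate both lists for traffic in each direction between the hosts."""
    return {
        "std A->B": evaluate(STD_TEST, HOST_A, HOST_B),
        "std B->A": evaluate(STD_TEST, HOST_B, HOST_A),
        "ext A->B": evaluate(EXT_TEST, HOST_A, HOST_B),
        "ext B->A": evaluate(EXT_TEST, HOST_B, HOST_A),
    }

if __name__ == "__main__":
    for flow, result in report().items():
        print(f"{flow}: {result}")
```

The evaluator models only how a list decides on a packet, not which interface or direction the list is bound to with `ip access-group`, so the binding still has to be checked on the device.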