12-02-2023 02:33 AM - edited 12-02-2023 05:43 PM
Hi,
I'm sorry to bother you all, but I'm having some issues with the network I'm building in Cisco Packet Tracer.
In my network, I need to deny access from one direction but not the other. For instance, in my network, I need the VLAN 20 (172.16.8.0 /24), VLAN 30 (172.16.9.0 /24), VLAN 40 (172.16.10.0 /24) and VLAN 50 (172.16.0.0 /21) to be blocked from accessing the VLAN 10 (172.16.11.0 /27), but not vice versa; 172.16.11.0 /27 must still be able to ping those networks, but those networks must not be able to ping 172.16.11.0 /27.
I initially tried doing this using ACLs on the MainRouter, but that did not work at all, as packets were able to ping in both directions even when I added an ACL to a particular interface.
Does anyone know what my issue might be, and what I should do in order to fix it? Should I use another network security protocol? Any help would be much appreciated.
12-02-2023 08:46 AM
Since it is Packet Tracer, remove the implementation from the physical interface (Gig0/1), apply it to Gig0/1.20,
and check. It might be helpful.
Thanks
12-02-2023 10:16 AM
Share the pkt file; let me open it on my PC.
MHM
12-02-2023 05:44 PM
okay, thank you.
12-02-2023 02:28 PM
In the ACL configuration, remove the eq operator and try. We should use the operator only when using a port number.
access-list 101 deny icmp 172.16.8.0 0.0.0.255 172.16.9.0 0.0.0.31
access-list 101 permit ip any any
interface Gig0/1
 ip access-group 101 in
Best regards
******* If This Helps, Please Rate *******
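Added example, not from any poster in this thread: a small Python model of first-match extended-ACL evaluation, showing why a blanket `deny icmp` applied inbound on the VLAN 20 side also drops the echo-replies that VLAN 10's pings need, while matching only ICMP `echo` blocks ping in one direction. The ACL numbers, host addresses and the inbound placement on the VLAN 20 subinterface are assumptions; the subnets are the ones from the question.

```python
import ipaddress

# Constructed ACLs in IOS numbered extended syntax (subset: icmp/ip, optional ICMP type).
BLANKET = """\
access-list 101 deny icmp 172.16.8.0 0.0.0.255 172.16.11.0 0.0.0.31
access-list 101 permit ip any any"""
ECHO_ONLY = """\
access-list 102 deny icmp 172.16.8.0 0.0.0.255 172.16.11.0 0.0.0.31 echo
access-list 102 permit ip any any"""

def _addr(tokens):
    """Consume 'any' or 'address wildcard' and return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    base, wild = tokens.pop(0), tokens.pop(0)
    return int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wild))

def parse(acl_text):
    """Turn ACL lines into (action, proto, src, dst, icmp_type) rules, in order."""
    rules = []
    for line in acl_text.splitlines():
        tokens = line.split()[2:]                  # drop 'access-list <number>'
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = _addr(tokens), _addr(tokens)
        rules.append((action, proto, src, dst, tokens[0] if tokens else None))
    return rules

def _match(ip, spec):
    base, wild = spec                              # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def permitted(rules, src, dst, icmp_type):
    """First-match evaluation of one ICMP packet; implicit deny if nothing matches."""
    for action, proto, s, d, t in rules:
        if proto in ("ip", "icmp") and _match(src, s) and _match(dst, d) \
                and t in (None, icmp_type):
            return action == "permit"
    return False

def ping_works(rules, initiator, target, vlan20="172.16.8."):
    """Assumed placement: ACL inbound on the VLAN 20 side, so it only sees VLAN 20 sources."""
    def crosses(src, dst, icmp_type):
        return permitted(rules, src, dst, icmp_type) if src.startswith(vlan20) else True
    return crosses(initiator, target, "echo") and crosses(target, initiator, "echo-reply")
```

With the blanket rule, `ping_works` is false in both directions because the reply from VLAN 20 is dropped on its way back; with the `echo`-only rule it is true from VLAN 10 and false from VLAN 20.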