How can I deny access in one direction, but not the other? (pkt)

meimeimei

Hi,

I'm sorry to bother you all, but I'm having some issues with the network I'm building in Cisco Packet Tracer.

In my network, I need to deny access from one direction but not the other. For instance, in my network, I need VLAN 20 (172.16.8.0 /24), VLAN 30 (172.16.9.0 /24), VLAN 40 (172.16.10.0 /24) and VLAN 50 (172.16.0.0 /21) to be blocked from accessing VLAN 10 (172.16.11.0 /27), but not vice versa; 172.16.11.0 /27 must still be able to ping those networks, but those networks must not be able to ping 172.16.11.0 /27.

I initially tried doing this using ACLs on the MainRouter, but that did not work at all, as packets were able to ping in both directions even when I added an ACL to a particular interface.

Does anyone know what my issue might be, and what I should do in order to fix it? Should I use another network security protocol? Any help would be much appreciated.


Since it is Packet Tracer, remove the implementation from the physical interface (Gig0/1) and apply it to Gig0/1.20.

Then check. It might be helpful.

Thanks

Share the pkt file; let me open it on my PC.

MHM

Okay, thank you.

Gopinath_Pigili

In the ACL configuration, remove the eq operator and try. We should use the operator only when using any port number.

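! Numbered extended ACL: global "access-list" command, no keyword after the destination wildcard
access-list 101 deny icmp 172.16.8.0 0.0.0.255 172.16.9.0 0.0.0.31
access-list 101 permit ip any any

! Apply the ACL inbound on the interface
interface Gig0/1
ip access-group 101 in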

Best regards
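
A simplified model of first-match ACL evaluation, added here as an example and not part of any reply in this thread: it shows why denying all ICMP from 172.16.8.0 /24 to 172.16.11.0 /27 also drops the echo replies that VLAN 10's own pings depend on, while denying only echo requests blocks one direction. The host addresses and function names are constructed for illustration, and the ACL is assumed to be applied inbound on the VLAN 20 side.

```python
import ipaddress

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src, src_wc, dst, dst_wc, icmp_type in acl:
        if (wildcard_match(pkt["src"], src, src_wc)
                and wildcard_match(pkt["dst"], dst, dst_wc)
                and icmp_type in (None, pkt["type"])):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
VLAN20 = ("172.16.8.0", "0.0.0.255")
VLAN10 = ("172.16.11.0", "0.0.0.31")

# Every ICMP type from VLAN 20 toward VLAN 10 is denied.
BLANKET = [("deny", *VLAN20, *VLAN10, None), ("permit", *ANY, *ANY, None)]
# Only echo requests toward VLAN 10 are denied (IOS keyword: echo).
ECHO_ONLY = [("deny", *VLAN20, *VLAN10, ECHO_REQUEST),
             ("permit", *ANY, *ANY, None)]

# Constructed packets as seen inbound on the VLAN 20 side.
PING_FROM_VLAN20 = {"src": "172.16.8.10", "dst": "172.16.11.5",
                    "type": ECHO_REQUEST}
# Reply to a ping that a VLAN 10 host started; the request itself entered
# the router on the VLAN 10 side and never meets this ACL.
REPLY_TO_VLAN10 = {"src": "172.16.8.10", "dst": "172.16.11.5",
                   "type": ECHO_REPLY}

def ping_results(acl):
    """(VLAN 20 -> VLAN 10 ping works, VLAN 10 -> VLAN 20 ping works)."""
    return (evaluate(acl, PING_FROM_VLAN20) == "permit",
            evaluate(acl, REPLY_TO_VLAN10) == "permit")

if __name__ == "__main__":
    print("blanket deny icmp:", ping_results(BLANKET))
    print("deny icmp echo   :", ping_results(ECHO_ONLY))
```
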