03-17-2016 05:31 AM - edited 03-05-2019 03:35 AM
Ok, I have a bit of a problem I don't know how to solve:
I have got a router, to it a switch is connected, and to it there are two servers connected.
The router is connected to the switch on the fa0/1 interface (192.168.2.249).
The two hosts are connected to the switch on the fa0/1 and fa0/2 switch interface.
I want to make sure that the two hosts are unable to ping each other.
Host 1 ip address is: 192.168.2.250
Host 2: 192.168.2.251
Can someone help me set up the ACLs so they can't reach each other? I know the wildcard mask should be 0.0.0.0, but I'm not sure what the ACL command should look like.
On which interface should this ACL be applied? In, out?
Thank you for your help in advance.
03-17-2016 06:53 AM
What sort of switch do you have?
A private VLAN edge/protected port may be easier.
03-17-2016 09:52 AM
A 2950T-24.
So if I set the switch's fa0/1 and fa0/2 to be protected ports, they cannot ping each other, but they can still be reached from other ports?
03-17-2016 12:13 PM
Since both host addresses are in the same subnet these hosts would communicate directly and would not go through the router. So there is not any kind of access list on the router that could prevent the hosts communicating. Perhaps there might be some kind of port ACL on the switch. But protected ports is probably the best alternative.
HTH
Rick
03-17-2016 07:30 PM
I am glad that our suggestions have been helpful to you. Thank you for using the rating system to mark this question as answered. This will help other readers in the forum to identify discussions which have useful information.
I hope you will continue to be active in these forums.
HTH
Rick
03-17-2016 12:35 PM
2950s support protected ports. Follow that URL I gave and you can configure it up.
03-17-2016 12:41 PM
Yes, they can be reached from other ports.
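The protected-port setup discussed in this thread, written out as an added example that is not part of any poster's reply. It assumes the two hosts sit on switch ports Fa0/1 and Fa0/2 as in the question, and that the router uplink is on some other switch port that is left unprotected.

```cisco
! Added example: protected ports (private VLAN edge) on a Catalyst 2950.
! Assumption: hosts 192.168.2.250 and 192.168.2.251 are on Fa0/1 and Fa0/2.
configure terminal
!
interface FastEthernet0/1
 description Host 1 (192.168.2.250)
 switchport protected
!
interface FastEthernet0/2
 description Host 2 (192.168.2.251)
 switchport protected
!
! The port facing the router (192.168.2.249) is deliberately NOT protected,
! so both hosts can still reach their gateway and every other unprotected port.
end
!
! Verify: the output for each host port should include "Protected: true".
show interfaces FastEthernet0/1 switchport
show interfaces FastEthernet0/2 switchport
!
! Notes:
! - The switch forwards no unicast, multicast or broadcast traffic between
!   two protected ports, so this blocks all direct traffic, not only ping.
! - The isolation is local to this switch. A protected port here is not
!   isolated from a port on a different switch in the same VLAN.
! - A router ACL would not help: both hosts are in the same subnet, so their
!   frames are switched at layer 2 and never pass through the router.
```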