04-22-2021 04:48 AM - edited 04-22-2021 04:54 AM
Hello,
I would like to quickly ask if anyone knows of a way to prevent traffic going from one interface to another. This is in Packet Tracer; my objective is to create a guest Wi-Fi area without the ability to access the workspace through one of the two routers. Below you will see the layout and an illustration of the general idea. I know I have to use an ACL, but I'm not entirely sure how to do this.
The IP of the workspace subnet is 192.168.3.0
The IP going between the two routers is 192.168.5.0 with the 2nd router having the IP 192.168.5.253 and the building 2 router .3.254.
The black arrow shows the way I wish the guest Wi-Fi traffic to be restricted to, with the red cross showing where it should be unable to access.
Thanks in advance
04-22-2021 05:02 AM
Hello,
You need to use an extended IP ACL, which allows you to specify source and destination addresses.
Example:
access-list 111 remark ACL for Guest traffic.
! note I suppose that 192.168.11.0/24 is your guest subnet
access-list 111 deny ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 any
The deny statement needs to be first (order is very important in an ACL) and denies access to the workplace subnet.
On C2811 right FE you can apply:
interface type x/y
ip access-group 111 in
Hope to help
Giuseppe
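The first-match ordering described in the answer above, as an added example that is not part of the original posts: a small Python model of extended ACL evaluation with wildcard masks, run against the ACL as posted and against the same entries in reverse order. The host addresses 192.168.11.10 and 192.168.3.20 and the reversed ACL are constructed for illustration; 192.168.11.0/24 is the guest subnet the answer assumes.

```python
import ipaddress

# ACL text as given in the answer (192.168.11.0/24 is the answer's assumed guest subnet).
ACL_AS_POSTED = """\
access-list 111 remark ACL for Guest traffic.
access-list 111 deny ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 any
"""
# Constructed counter-example: the same two entries in the wrong order.
ACL_REVERSED = """\
access-list 111 permit ip 192.168.11.0 0.0.0.255 any
access-list 111 deny ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acl(text):
    """Return [(action, (src, src_wild), (dst, dst_wild)), ...] for 'ip' entries."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # remarks, '!' comments and blank lines carry no match logic
        rest, specs = tok[4:], []  # tok[3] is the protocol keyword
        while rest:
            if rest[0] == "any":  # 'any' is shorthand for 0.0.0.0 255.255.255.255
                specs.append((0, 0xFFFFFFFF)); rest = rest[1:]
            else:
                specs.append((_ip(rest[0]), _ip(rest[1]))); rest = rest[2:]
        rules.append((tok[2], specs[0], specs[1]))
    return rules

def _match(addr, spec):
    base, wild = spec
    # Wildcard mask: a 1 bit means "don't care", a 0 bit must match exactly.
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl_text, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in parse_acl(acl_text):
        if _match(_ip(src), s) and _match(_ip(dst), d):
            return action
    return "deny (implicit)"

if __name__ == "__main__":
    guest, work = "192.168.11.10", "192.168.3.20"  # constructed host addresses
    for name, acl in (("as posted", ACL_AS_POSTED), ("reversed", ACL_REVERSED)):
        print(name, "guest->workspace:", evaluate(acl, guest, work))
    print("guest->router link:", evaluate(ACL_AS_POSTED, guest, "192.168.5.253"))
    print("non-guest source:", evaluate(ACL_AS_POSTED, work, guest))
```

With the entries reversed, the broad permit matches first and guest traffic reaches the workspace subnet. The ACL as posted still permits guest traffic to 192.168.5.253 on the inter-router link, and drops any non-guest source arriving on that interface through the implicit deny.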
04-23-2021 07:32 AM
Thanks, I'll give it a go and see if it works.