04-28-2006 01:48 PM - edited 03-05-2019 11:52 AM
If I have an ethernet interface with a primary and secondary ip on it, Can I put an access list on this prevent certain ip's from one subnet seeing the other, and would I have to apply this both ways ?
04-28-2006 08:26 PM
Hello Carl,
I'll respond if you promisse to rate the post!
Just kidding,
ok , you can do and yes, both ways.
interface FastEthernet0/1
ip address 10.10.2.1 255.255.255.0 secondary
ip address 10.10.1.1 255.255.255.0
ip access-group 100 in
ip access-group 100 out
access-list 100 deny ip 10.10.1.0 0.0.0.255 10.10.2.0 0.0.0.255
access-list 100 permit ip any any
that will do
HTH,
please rate this post if it does.
Vlad
04-29-2006 05:32 PM
Thankyou, how come you have to apply it both ways ?
04-29-2006 06:10 PM
As a matter of fact you dont!
just choose put it in
ip access-group 100 in
Thank you for bringing it to my attention.
Vlad
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide