Solved: ACL to allow only one host and block the others

Ranjita · ‎10-04-2023

Hi All,

I have 2 L3 Switches running HSRP, I have 2 VLANs defined VLAN 10 and VLAN 20.

The L3 switches also have OSPF running as they connect to an external network. As per requirements only one host from VLAN 10 is allowed to communicate with all hosts of VLAN 20.
I applied an IP ACL on the interface to prevent communication between VLAN 10 and VLAN 20,how do I permit one host alone?

deny ip 10.169.10.0 0.0.0.127 10.169.10.128 0.0.0.63

I want to allow 10.169.10.156 to access all hosts connected.

Please advise on how to achieve this.

Gopinath_Pigili · ‎10-04-2023

Instead of starting with deny....configure with permit statement...

permit ip 10.169.10.0 0.0.0.127 host 10.169.10.156

or

permit ip 10.169.10.0 0.0.0.127 10.169.10.156 0.0.0.0

both will give the same result....

Each and every acl any invisible statement is there deny ip any any

that blocks all other traffic....

Best regards
******* If This Helps, Please Rate *******

View solution in original post

Gopinath_Pigili · ‎10-04-2023