11-07-2019 01:26 AM
Hello Mates,
Here in the ACL, I permitted one host and then denied all subnets from this, which didn't work for me. I believe there is something more I need to do.
Vlan 10 = 192.168.10.0/24
vlan 20 = 192.168.20.0/24
vlan 30 = 192.168.30.0/24
Extended IP access list TEST
10 deny ip any 192.168.30.0 0.0.0.255 (5 match(es))
20 permit ip host 192.168.20.2 host 192.168.10.2 <<<<< here I tried one source host and one destination host to communicate with each other, but all others will be blocked >>>>>
30 deny ip any 192.168.20.0 0.0.0.255 (29 match(es))
40 permit ip any any (151 match(es))
I mean to say: how can I deny all IPs from one subnet except one, so that that device can communicate with another specific computer?
Thanks in Advance.
11-07-2019 02:23 AM
Where are you applying the ACL?
Jon
11-09-2019 10:43 PM
Hello,
I am applying it at int vlan 10.
So vlan 20 and vlan 30 will not communicate with vlan 10.
But my target is to allow one specific host to communicate.
thanks
11-10-2019 02:56 PM
@Jon Marshall asks one important question, which is about where the ACL is applied. The other important question is about which direction the ACL is applied in (is it applied inbound or applied outbound?).
It seems to me that there is confusion in your ACL about the direction it is to be applied:
- Your two deny statements seem to assume that the ACL would be applied inbound, since the denied networks are destination addresses and are remote from the connected interface vlan 10.
- But the permit statement seems to assume that the ACL would be applied outbound, since the permitted local address is the destination address.
HTH
Rick
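To make Rick's direction point concrete, here is an added Python model of first-match ACL evaluation (not from the thread or from Cisco) run over the posted list and over an outbound-oriented rewrite; the rewrite and the probe hosts 192.168.20.5, 192.168.10.9 and 192.168.30.7 are my assumptions about what the poster is after, not something stated in the thread.

```python
import ipaddress

# Constructed model of an IOS extended ACL: first match wins, each entry is
# (sequence, action, source network, destination network). Wildcard masks are
# written as prefix lengths: "0.0.0.255" -> /24, "host x" -> /32, "any" -> /0.
ANY = ipaddress.ip_network("0.0.0.0/0")

def net(spec):
    return ipaddress.ip_network(spec, strict=False)

# The ACL exactly as posted in the thread (sequence numbers 10-40).
ACL_TEST = [
    (10, "deny",   ANY,                    net("192.168.30.0/24")),
    (20, "permit", net("192.168.20.2/32"), net("192.168.10.2/32")),
    (30, "deny",   ANY,                    net("192.168.20.0/24")),
    (40, "permit", ANY,                    ANY),
]

# Assumed rewrite for applying the list OUTBOUND on interface vlan 10: packets
# in that direction come FROM vlan 20/30, so the denies must match the source,
# and the single exception has to sit above them.
ACL_FIXED = [
    (10, "permit", net("192.168.20.2/32"), net("192.168.10.2/32")),
    (20, "deny",   net("192.168.20.0/24"), ANY),
    (30, "deny",   net("192.168.30.0/24"), ANY),
    (40, "permit", ANY,                    ANY),
]

def evaluate(acl, src, dst):
    """Return (sequence, action) of the first entry matching src -> dst.
    Like IOS, a list that matches nothing ends in an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, snet, dnet in acl:
        if s in snet and d in dnet:
            return seq, action
    return None, "deny"

def meets_goal(acl):
    """The poster's goal, checked for the outbound-on-vlan-10 direction: only
    192.168.20.2 -> 192.168.10.2 is permitted; other vlan 20/30 sources and
    other vlan 10 targets are denied. Probe hosts are constructed."""
    probes = {
        ("192.168.20.2", "192.168.10.2"): "permit",
        ("192.168.20.5", "192.168.10.2"): "deny",
        ("192.168.20.2", "192.168.10.9"): "deny",
        ("192.168.30.7", "192.168.10.2"): "deny",
    }
    return all(evaluate(acl, s, d)[1] == want for (s, d), want in probes.items())

if __name__ == "__main__":
    print("posted ACL meets goal:", meets_goal(ACL_TEST))
    print("fixed ACL meets goal: ", meets_goal(ACL_FIXED))
```

Running the posted list in the inbound direction (a vlan 10 source such as 192.168.10.2 -> 192.168.20.2) hits line 30 and is denied, while outbound a non-exempt host like 192.168.20.5 falls through to line 40 and is permitted, which is exactly the mismatch Rick describes. Because IOS ACLs are stateless, the outbound rewrite also drops replies from other vlan 20/30 hosts to sessions that vlan 10 hosts open themselves.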