
Can't apply access lists in Packet Tracer

buggfish
Level 1

Hello there,

I'm currently creating a virtual network in Packet Tracer for my internship. I tried to create a couple of VLANs on a 3560 switch that should communicate with each other. I need one of the VLANs to be able to connect to all others, but the rest should not be able to connect to each other. I tried creating an access list to stop the other VLANs from accessing each other, but when I try to apply this ACL to a port or a VLAN, it accepts it but doesn't do anything. When reviewing the interfaces with `sh ip int` it just says "inbound access-list is not set".

1 Accepted Solution


Thanks a lot @buggfish.

There are a few things wrong in your PT project before we talk about the ACL.

First, your 3560 needs the `ip routing` command under configuration terminal.

Then, check all your trunk ports on all switches. You have configured mode access and mode trunk under the same interface.

As an example, on Switch 0 you should have this on port Gi0/2 facing the 3560 (L3 switch):

M02rt37_0-1700136153569.png

On the L3 switch, port Gi0/2 facing Switch0 Gi0/2:

M02rt37_1-1700136196336.png

Also, make sure you have configured the ports where endpoints such as a server or PC are connected as access ports. Example on Switch 0 port 0/10 facing PCS1 [192.168.11.100/24]:

M02rt37_2-1700136268043.png

Also, on the L2 switches, delete all interface vlan! They're L2 switches.

After all these modifications, ensure the PCs/servers can ping each other.

Note that Server0 has no gateway configured... add its gateway 192.168.10.2 and double-check all endpoints' IP configuration.

---

Then, move on to the ACL! Apply the ACL on the L3 switch, on interface vlan.

As an example after these modifications, PC0 can ping PCS1, and Server0 can ping PCS1 also:

M02rt37_3-1700136442329.png

M02rt37_4-1700136565384.png

=> I now want an ACL to permit only PC0 to ping PCS1, not from Server0!

Extended ACL on the L3 switch:

M02rt37_5-1700136922089.png

Apply that ACL on interface vlan 10 (in) as I did.

Now, only PC0 can ping PCS1, not Server0:

M02rt37_6-1700136968388.png
Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
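
The L3-switch side of the steps in the accepted solution, written out as IOS configuration. This is an added example, not the configuration from the screenshots in the post: the ACL name `VLAN10-IN`, PC0's address 192.168.10.10 and the trunk encapsulation line are assumptions; PCS1's address 192.168.11.100 is taken from the post.

```cisco
! Added example. Values marked "assumed" are not from the original post.
!
! 1. Enable routing between the VLAN interfaces on the 3560.
ip routing
!
! 2. Uplink to Switch0: trunk only. Do not also configure
!    "switchport mode access" on the same interface.
!    (On a 3560 the encapsulation must be set before mode trunk.)
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! 3. Extended ACL: only PC0 may send ICMP to PCS1.
!    Name and PC0 address (192.168.10.10) are assumed.
ip access-list extended VLAN10-IN
 ! PC0 -> PCS1 is allowed
 permit icmp host 192.168.10.10 host 192.168.11.100
 ! Any other VLAN 10 host (Server0 included) -> PCS1 is dropped.
 ! This also drops echo replies from those hosts back to PCS1.
 deny icmp any host 192.168.11.100
 ! Without a final permit, the implicit "deny ip any any"
 ! would drop all remaining traffic entering from VLAN 10.
 permit ip any any
!
! 4. Bind the ACL to the routed VLAN interface, inbound.
interface Vlan10
 ip access-group VLAN10-IN in
!
! 5. Verify from privileged EXEC:
!      show ip interface vlan 10   (inbound access list should name
!                                   VLAN10-IN instead of "not set")
!      show access-lists           (match counters increase per entry)
```

Entries are evaluated top-down and the first match wins, so the host-specific permit has to come before the broader deny.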


4 Replies

M02@rt37
VIP

Hello @buggfish

Could you please share your Packet Tracer project?

In a Zip file here.

Thanks a lot.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

I just added it to the original post.

 


balaji.bandi
Hall of Fame

You need to post your ACL and what your topology looks like.

For a better understanding, start from here:

https://networklessons.com/uncategorized/extended-access-list-established

BB

***** Rate All Helpful Responses *****
