11-20-2022 11:11 PM
I have a topology like this.
VLAN 116: can ping the DHCP server (10.125.115.254)
The other VLANs (118, 120, 121) cannot ping the DHCP server; just block the ICMP protocol.
And my commands are as below:
access-list 100 permit icmp 10.125.116.0 0.0.0.255 host 10.125.115.254
access-list 100 deny icmp any host 10.125.115.254
access-list 100 permit ip any any
Then apply this ACL to port G1/0/22:
ip access-group 100 out
After that, nothing happens. All of the VLANs can still ping the DHCP server.
Somebody help me.
11-20-2022 11:14 PM
And the DHCP server belongs to VLAN 115.
G1/0/22:
switchport mode acc
switchport acc vlan 115
ip access-group 100 out
11-21-2022 12:11 AM - edited 11-21-2022 12:12 AM
This interface is L2, so the access list does not work here.
Apply the ACL on a subinterface or the SVI of the VLAN.
11-21-2022 01:04 AM
So you mean I need to apply the ACL to VLAN 115?
int vlan 115
ip access-group 100 in
Like this? Right?
11-21-2022 01:08 AM - edited 11-21-2022 01:19 AM
Yes, but if the VLAN is the server VLAN, the direction must be OUT, not IN.
NOTE: you can apply the ACL under the SVI of the VLAN if the inter-VLAN routing is done in the switch, not in a router. If the inter-VLAN routing is done in a router, then you need to apply the ACL on the subinterface.
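An added example, not part of the thread: a small Python model of first-match ACL evaluation run over ACL 100 as posted, useful for confirming that the entries themselves are correct and that the problem was where the ACL was attached. The sample packet addresses are constructed, and the model covers only protocol and address matching with wildcard masks.

```python
import ipaddress

# ACL 100 exactly as posted in the thread.
ACL_100 = """\
access-list 100 permit icmp 10.125.116.0 0.0.0.255 host 10.125.115.254
access-list 100 deny icmp any host 10.125.115.254
access-list 100 permit ip any any
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' and return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N ACTION PROTO SRC DST' lines (no ports or options)."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        entries.append((action, proto, take_spec(rest), take_spec(rest)))
    return entries

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (ip_int(addr) & care) == (base & care)

def evaluate(entries, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, acl_proto, s, d in entries:
        if acl_proto in ("ip", proto) and addr_match(src, s) and addr_match(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    # Constructed sample packets: (protocol, source, destination)
    for pkt in [("icmp", "10.125.116.10", "10.125.115.254"),
                ("icmp", "10.125.118.10", "10.125.115.254"),
                ("udp", "10.125.118.10", "10.125.115.254")]:
        print(pkt, "->", evaluate(acl, *pkt))
```
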
11-21-2022 01:48 AM
OK, it works.
Thanks man.
11-21-2022 01:55 AM
You are so, so welcome.
11-21-2022 01:18 AM
Hello,
Post your zipped Packet Tracer project (.pkt) file...