Press "Enter" to skip to content

Why is my ACL not blocking traffic on my cisco router interface?

Last updated on December 25, 2018

        So here is my config.
I want traffic coming from all networks except 172.23.1.0/24 to be blocked by inferface fa 0/0 So on the router I creater 2 ACLs ACL 10
R1# access-list 10 permit 172.23.1.0 0.0.0.255

R1# access-list 10 deny any
ACL 101
R1# access-list 101 permit ip 172.23.1.0 0.0.0.255 10.10.10.0 0.0.0.255
Now I tried all the combination ip access-group 10 in after that ip access-group 10 out, after that ip access-group 101 in and finnaly ip access-group 10 out. All of these on interface fa 0/0 of R1.... But I can still ping hosts of 10.10.10.0/24 network with any body. I'd like only host of 172.23.1.0/24 to be able to communicate with them... What did I do wrong here ? Below is R1 Config
hostname R1
!
!
no ip cef
no ipv6 cef
!
!
username admin password 7 08204B471D1C09
!!
ip ssh version 1
ip domain-name mycorp.com
!!
!
interface FastEthernet0/0
 no ip address
 ip access-group 101 in
 ip access-group 10 out
 duplex auto
 speed auto
!
interface FastEthernet0/0.2
 encapsulation dot1Q 99
 ip address 10.10.10.3 255.255.255.0
 ip access-group 10 in
!
interface FastEthernet0/0.3
 encapsulation dot1Q 100
 ip address 10.100.100.3 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0
 ip address 192.168.1.130 255.255.255.192
!
interface Serial0/1
 no ip address
 clock rate 2000000
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.129 
!
ip flow-export version 9
!
!
access-list 15 permit 10.10.10.0 0.0.0.255
access-list 15 deny any
access-list 10 permit 172.23.1.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 10 deny any
!
!
line con 0
!
line aux 0
!
line vty 0 4
 access-class 15 in
 password 7 08204B471D1C09
 login
line vty 5 15
 access-class 15 in
 login local
!
!
!
end
So below is the image of my network. Only PC2 only should be able to communicate with PC1. PC3 should not BUT it does... My network

Be First to Comment

Leave a Reply

%d bloggers like this: