
Configuring VLAN ACLs on a Cisco 2901

pauljackson2
Level 1

Hi,

We have a CISCO 2901 router as a gateway with the internal network 192.168.30.0 0.0.0.255 configured on Interface Gigabit 0/0 and a VLAN for wifi guests 192.168.31.0 0.0.0.255 on Interface Gigabit 0/0.1.

I have tried to configure ACL on interface 0/0 to block packets from VLAN on 0/0.1 entering the internal network. 

access-list 130 deny   ip 192.168.31.0 0.0.0.255 192.168.30.0 0.0.0.255
access-list 130 permit ip 192.168.31.0 0.0.0.255 any

But with this config I can still ping from 31 to 30 

If I remove the second line I can't ping from 31-30 but clients inside lose access to the internet.

Can someone suggest a configuration that will achieve the security without losing access to the outside world, please?

Thanks P

2 Replies

Tagir Temirgaliyev
Spotlight

Can you post here

sh run

and

sh access-list

nkarthikeyan
Level 7

Hi,

Could you please bind this ACL to interface 0/0.1, which is the source LAN where you need to block the traffic, and try?

HTH


Regards

Karthik
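
Added example (not posted by anyone in this thread): a small Python model of first-match ACL evaluation with the implicit deny, showing why the interface an inbound ACL is bound to decides which packets it ever sees. It assumes the ACL is applied inbound, since the thread does not state the direction; the host addresses and function names are constructed for illustration.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

# ACL 130 as posted: (action, src, src_wildcard, dst, dst_wildcard); None = "any"
ACL_130 = [
    ("deny",   "192.168.31.0", "0.0.0.255", "192.168.30.0", "0.0.0.255"),
    ("permit", "192.168.31.0", "0.0.0.255", None, None),
]

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wild_match(src, s, sw) and (d is None or wild_match(dst, d, dw)):
            return action
    return "deny"

# Topology from the post: Gi0/0 = internal LAN, Gi0/0.1 = guest VLAN
NETS = {"Gi0/0": ipaddress.ip_network("192.168.30.0/24"),
        "Gi0/0.1": ipaddress.ip_network("192.168.31.0/24")}

def ingress_interface(src):
    """Interface a packet from src arrives on (None = not a modelled LAN)."""
    ip = ipaddress.ip_address(src)
    return next((name for name, net in NETS.items() if ip in net), None)

def forward(src, dst, bound_if, acl=ACL_130):
    """Model `ip access-group 130 in` on bound_if: an inbound ACL is checked
    only against packets arriving on that interface; others bypass it."""
    if ingress_interface(src) != bound_if:
        return "permit"
    return evaluate(acl, src, dst)

if __name__ == "__main__":
    # Constructed sample hosts; 203.0.113.5 stands in for an internet address.
    guest, inside, internet = "192.168.31.10", "192.168.30.10", "203.0.113.5"
    for bound in ("Gi0/0", "Gi0/0.1"):
        for s, d in ((guest, inside), (guest, internet), (inside, internet)):
            print(f"ACL in on {bound:8} {s} -> {d}: {forward(s, d, bound)}")
```

Because the ACL is stateless, replies from guest hosts to connections opened from the internal network also match the deny line when it is bound inbound on the guest subinterface.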