ACL configure

cyberpea · ‎04-23-2024

I want to create an ACL on Cisco to prevent one network from communicating with others except for the internet. Can you help?

Ruben Cocheno · ‎04-23-2024

@cyberpea

Have Extend ACL and allow only what you need

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

MHM Cisco World · ‎04-23-2024

I think you can I depend
you can try use
deny <LAN><LAN>
permit<LAN><Any>

the ACL apply IN direction

MHM

Gopinath_Pigili · ‎04-23-2024

Hello cyberpea,

You can achieve this by configuring an Extended ACL...

Here is the sample configuration....

Note:- RFC 1918 means Private IP Address

Router(config)# ip access-list extended INTFILT

Router(config-ext-nacl)# permit tcp any any established

Router(config-ext-nacl)# permit tcp any 130.13.150.223 0.0.0.0 eq 80

Router(config-ext-nacl)# permit tcp any 130.13.150.223 0.0.0.0 eq 443

Router(config-ext-nacl)# deny ip 10.0.0.0 0.255.255.255 any

Router(config-ext-nacl)# deny ip 172.16.0.0 0.15.255.255 any

Router(config-ext-nacl)# deny ip 10.0.0.0 0.0.255.255 any

Router(config-ext-nacl)# exit

Router(config)# Interface serial 0/1

Router(config-if)# ip access-group INTFILT in

Best regards
******* If This Helps, Please Rate *******

Aref Alsouqi · ‎04-23-2024

Where the inter-VLAN is happening? on a switch, a router, or a firewall? are you trying to deny a subnet from talking to other subnets in your network allowing internet? or are you trying to deny traffic between the same endpoints in the same subnet allowing internet?