Need help on a Extended ACL command! Pls help, thanks! - AlphonseElric - 02-02-2010

Hi people, I have a question on Ext-ACL. Please help.

Users in IT Dept network (192.168.3.0) should not be able to ping or access KL Dept network (192.168.3.0) and vice versa. Both IT Dept and KL Dept should be able to access the internet.

So my ACL command is:

deny ip 192.168.3.0 0.0.0.255 host 192.168.3.0 eq icmp
deny ip 192.168.5.0 0.0.0.255 host 192.168.5.0 eq icmp
permit any any

Is my command correct? A friend of mine told me that my command will block the respective network from accessing the internet and everything else as well. Is it true? Please help people! Urgent! Thanks!!!

Re: Need help on a Extended ACL command! Pls help, thanks! - jhnfry - 04-18-2010

(02-02-2010, 04:16 PM) AlphonseElric wrote: Hi people,

Did you make a mistake in the addresses of the networks? If the IT dept and KL dept are both in the 192.168.3.0 network, the traffic won't reach the router that the ACLs are configured on. Secondly, the host designation should not be assigned to a network address.

Re: Need help on a Extended ACL command! Pls help, thanks! - bryanrobh - 05-20-2010

This ACL is all wrong. First off, in your original question you used the same network address for both departments. Then in your ACL you have two different networks. I will assume that the 192.168.3.0 subnet is for IT Dept and that the 192.168.5.0. Also, the eq ICMP at the end of your ACL is only stopping pings, and that's not even proper. So it looks like you're supernetting if it's all under one big network. If those are the subnets and you want to block all traffic from reaching each other, the ACL would look like this:

deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255
deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip any any

How many routers are separating the two network segments?
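The ACL from the last reply, run through a small first-match evaluator with wildcard-mask matching and the implicit deny at the end. This is an added example, not part of any post in the thread: the helper names (parse, evaluate), the sample host addresses and the second ACL (the original post's entries with "eq icmp" dropped) are constructed for illustration, and only "permit|deny ip" entries are handled.

```python
import ipaddress

def _spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":                      # 'host A' is the same as 'A 0.0.0.0'
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(line):
    """Parse 'permit|deny ip SRC DST' into (action, src_spec, dst_spec)."""
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError("only 'permit|deny ip ...' entries are handled")
    src, dst = _spec(tokens), _spec(tokens)
    if tokens:                              # e.g. a trailing 'eq icmp'
        raise ValueError("unexpected tokens: " + " ".join(tokens))
    return action, src, dst

def _hit(addr, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(lines, src, dst):
    """First matching entry decides; unmatched traffic hits the implicit deny."""
    for action, s, d in map(parse, lines):
        if _hit(src, s) and _hit(dst, d):
            return action
    return "deny"

FIXED = [  # ACL from the last reply in the thread
    "deny ip 192.168.3.0 0.0.0.255 192.168.5.0 0.0.0.255",
    "deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255",
    "permit ip any any",
]
# Constructed variant: the original post's entries without 'eq icmp'.
ORIGINAL_SHAPE = [
    "deny ip 192.168.3.0 0.0.0.255 host 192.168.3.0",
    "deny ip 192.168.5.0 0.0.0.255 host 192.168.5.0",
    "permit ip any any",
]

if __name__ == "__main__":
    print({n: evaluate(a, "192.168.3.10", "192.168.5.20") for n, a in (("fixed", FIXED), ("original", ORIGINAL_SHAPE))})
```

With "host" on a network address the deny entries match only that single address, so inter-department traffic falls through to the final permit, while the ACL from the last reply denies it in both directions and still permits other destinations.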