Grateful if any one can provide ways with ACL to allow 2 hosts on different subnets communicate and deny others on both subnets to ping and telnet to both hosts.
Thanks in advance.
First, the ACL on the router will only affect traffic passing _through_ the router, so it will not affect hosts on the same subnet from communicating with each other. There should be a way of null-routing or firewalling the other hosts in the operating system of the hosts, but that's another discussion. However, I can give you an ACL for the router if you just want Host A and Host B to communicate with each other.
We'll assume for this example that subnet 1 is 192.168.1.0/24 and subnet 2 is 192.168.2.0/24. Host A is 192.168.1.2 and Host B is 192.168.2.2. I assume that you want other hosts from subnet 1 and subnet 2 to communicate with each other. I'm also assuming there is one router, with each subnet on a different ethernet interface. Eth0/0 is subnet 1 and eth0/1 is subnet 2.
interface eth0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 101 in
!
interface eth0/1
 ip address 192.168.2.1 255.255.255.0
 ip access-group 102 in
!
! ACL 101 is applied inbound on the subnet 1 interface: Host A may only
! talk to Host B; all other subnet 1 traffic passes through unchanged.
access-list 101 permit ip host 192.168.1.2 host 192.168.2.2
access-list 101 deny ip host 192.168.1.2 any
access-list 101 permit ip any any
!
! ACL 102 is the mirror image, applied inbound on the subnet 2 interface.
access-list 102 permit ip host 192.168.2.2 host 192.168.1.2
access-list 102 deny ip host 192.168.2.2 any
access-list 102 permit ip any any
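To see what the two ACLs above actually do to each pair of hosts, here is an added Python model of the router's first-match evaluation (this is illustrative code, not part of the original answer; the host addresses 192.168.1.3 and 192.168.2.3 are constructed stand-ins for "other hosts" on each subnet). Note that for a host other than A or B, the request toward A or B still passes its own ingress ACL and reaches the target; only the reply is dropped by the other interface's ACL, so the target host still sees the first packet in its logs.

```python
import ipaddress

# The two ACLs from the answer, as (action, source, destination) entries.
# Cisco IOS evaluates top to bottom, first match wins, implicit deny at the end.
ACLS = {
    101: [("permit", "192.168.1.2", "192.168.2.2"),
          ("deny",   "192.168.1.2", "any"),
          ("permit", "any",         "any")],
    102: [("permit", "192.168.2.2", "192.168.1.2"),
          ("deny",   "192.168.2.2", "any"),
          ("permit", "any",         "any")],
}

# Which ACL is applied inbound ("ip access-group N in") on each subnet's interface.
INGRESS = {
    ipaddress.ip_network("192.168.1.0/24"): 101,
    ipaddress.ip_network("192.168.2.0/24"): 102,
}

def _match(spec, addr):
    return spec == "any" or spec == addr

def acl_action(acl_id, src, dst):
    """Evaluate one packet src->dst against an ACL and return 'permit' or 'deny'."""
    for action, s, d in ACLS[acl_id]:
        if _match(s, src) and _match(d, dst):
            return action
    return "deny"  # implicit deny at the end of every IOS access list

def forwarded(src, dst):
    """True if a packet src->dst passes the inbound ACL of its ingress interface."""
    src_ip = ipaddress.ip_address(src)
    for net, acl_id in INGRESS.items():
        if src_ip in net:
            return acl_action(acl_id, src, dst) == "permit"
    raise ValueError(f"{src} is not on a known subnet")

def conversation(src, dst):
    """Classify a two-way exchange (e.g. ping request/reply or a TCP handshake)."""
    fwd, rev = forwarded(src, dst), forwarded(dst, src)
    if fwd and rev:
        return "allowed"
    if fwd and not rev:
        return "request reaches host, reply dropped"
    return "blocked"
```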
Though I did not provide detailed info. on my network, your good assumptions more or less produced the ACL I needed and indeed solved my problem. Great stuff! Thanks a lot again.