 Using ACL to block traffic from internal LAN
What is an ACL and how can I use one to block traffic from our internal LAN to a remote subnet?

ASKED: February 8, 2011  9:06 PM
UPDATED: March 18, 2011  2:48 PM

Answer Wiki:
An ACL means Access Control List. It is a list that controls access to networks. To answer your question, you need to be more specific. On which equipment do you intend to deploy the ACL (brand and model)? What is your layer 3 network configuration? What addresses are you using in your local and remote subnet (the one you want to block)? Do you want to block any traffic or specific traffic? Please post back.

------------------------------

Think of an ACL as a "network traffic filter" - they can be used to allow, prevent or redirect certain types of traffic. A good example of one that accomplishes what I believe you're asking is as follows (this config was done on a Cisco 1841 and is assuming your LAN is 192.168.10.0/24, and the remote LAN is 172.16.1.0/24):

    Router(config)#access-list 100 deny ip 192.168.10.0 0.0.0.255 172.16.1.0 0.0.0.255

This blocks ALL traffic from one LAN to the other.

    Router(config)#access-list 100 permit ip any any

This prevents the ACL from killing ALL traffic NOT destined for the remote LAN.

Then apply the ACL to the router interface that connects to your LAN:

    Router(config)#int fa0/0
    Router(config-if)#ip access-group 100 in
    Router(config-if)#exit

That should block the 192.x LAN from getting to the 172.x LAN without blocking any other traffic to the Internet or other networks...
Last Wiki Answer Submitted:  February 10, 2011  4:32 am  by  Sixball   8,500 pts.
All Answer Wiki Contributors:  Sixball   8,500 pts. , saturno   4,570 pts.