0

I have this network topology. What I am trying to achieve is to deny access from network 172.28.224.0 to network 172.28.226.208, but the other way around should work: 172.28.226.208 should be allowed to access 172.28.224.0.

I have tried it with the following ACL on the router:

access-list 101 permit ospf any any
access-list 101 permit icmp any any
access-list 101 deny ip any 172.28.226.208 0.0.0.7
access-list 101 permit ip any any

int f0/0.1
access-group 101 out

I am using OSPF, and my problem is that the return traffic is also blocked by the ACL. Does anyone have a suggestion?

  • This question is perhaps better asked at the Network Engineering Stack Exchange: https://networkengineering.stackexchange.com – Tommiie Nov 17 '18 at 15:11

1 Answer

3

You state you want to deny traffic from 172.28.224.0 to 172.28.226.208 (which subnet masks?) yet you deny traffic from ANY to 172.28.226.208/29.

Next you apply the ACL in the outbound direction on Fa0/0.1 but the destination (172.28.226.208/29) does not live there so you should apply the ACL inbound instead.

Apply the ACL inbound instead of outbound and fix the "ANY" statement and it should work.

Tommiie
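
As an added illustration (not part of the question or the answer above), this Python sketch models first-match evaluation of the ACL with the source narrowed as the answer suggests, and shows why replies are still dropped by a stateless `deny` and how a TCP `established` entry placed before it changes that. The /24 wildcard for 172.28.224.0, the sample host addresses and the `established` entry are assumptions; the page gives no mask for that network.

```python
import ipaddress

def net(addr, wildcard=None):
    """Cisco address + wildcard -> ip_network ('any' matches everything)."""
    if addr == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

ANY = net("any")
SRC = net("172.28.224.0", "0.0.0.255")   # ASSUMED /24; the page gives no mask
DST = net("172.28.226.208", "0.0.0.7")   # wildcard from the question (/29)

# (action, protocol, source, destination, established-only)
STATELESS = [
    ("permit", "ospf", ANY, ANY, False),
    ("permit", "icmp", ANY, ANY, False),
    ("deny",   "ip",   SRC, DST, False),  # "any" narrowed to the source network
    ("permit", "ip",   ANY, ANY, False),
]
# Assumed variant: a TCP "established" permit inserted before the deny.
WITH_ESTABLISHED = STATELESS[:2] + [("permit", "tcp", SRC, DST, True)] + STATELESS[2:]

def evaluate(acl, proto, src, dst, flags=frozenset()):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, ace_proto, ace_src, ace_dst, established in acl:
        if ace_proto not in ("ip", proto):
            continue
        if s not in ace_src or d not in ace_dst:
            continue
        # "established" only looks at the ACK/RST bits of this one packet.
        if established and not (set(flags) & {"ACK", "RST"}):
            continue
        return action
    return "deny"

if __name__ == "__main__":
    a, b = "172.28.224.10", "172.28.226.210"   # constructed sample hosts
    for name, acl in (("stateless", STATELESS), ("established", WITH_ESTABLISHED)):
        print(name,
              "new connection:", evaluate(acl, "tcp", a, b, {"SYN"}),
              "| reply:", evaluate(acl, "tcp", a, b, {"SYN", "ACK"}),
              "| udp reply:", evaluate(acl, "udp", a, b))
```

Because `established` checks only the ACK/RST bits of each packet, it is a filter rule rather than connection tracking, and UDP replies stay denied; reflexive ACLs or a stateful firewall cover those cases.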