Forwarding only selected IP

  • Forwarding only selected IP

    Hello

    I have had some experience in the networking environment for 2-3 years now, so I decided I'd give Cisco a try too

    I did CCNA1 , read books ... and so on

    Recently I imagined a circuit :

    PC ( 1.1.1.2 )
    .\
    ..\ . . . . . . . . fa 0/0 . . . . .fa 0/1
    SWITCH ----------- ROUTER ----------- pc ( 2.2.2.2 )
    ./ . . . . . . . . 1.1.1.1 . . . . 2.2.2.1
    /
    SERVER ( 1.1.1.3 )

    No NAT, just plain IP forwarding

    So far in Packet Tracer all the PCs can see each other

    Now I want to configure the router to allow access from 2.2.2.2 to 1.1.1.3 but not to 1.1.1.2

    so I tried this :

    (conf )acc-list 111 deny ip 2.2.2.2 0.0.0.255 1.1.1.2
    !!FA0/0:
    (conf-int ) ip acc 111 out

    So now 2.2.2.2 can't reach 1.1.1.2, and it can't reach the other IPs either, except 1.1.1.1

    What am I doing wrong ?

  • #2
    Re: Forwarding only selected IP

    Couple of things I see

    1) Your current ACL is denying the entire 2.2.2.0/24 netblock (wildcard 0.0.0.255)
    2) There is an implied "deny any any" at the end of all ACLs. You have not permitted any other hosts access through the interface.

    try something like this

    Code:
     
    access-list 111 remark DENY host 2.2.2.2 to 1.1.1.2
    access-list 111 deny ip host 2.2.2.2 host 1.1.1.2
    access-list 111 remark PERMIT all other traffic
    access-list 111 permit ip any any
     
    int f0/1
     ip access-group 111 in
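
The two points in reply #2 (wildcard-mask matching and the implicit deny) can be checked with a small first-match ACL evaluator. This is an added example, not code from either poster: the tuple layout and function names are illustrative, the original ACL's destination is assumed to mean host 1.1.1.2, and 2.2.2.77 is a constructed address standing in for any other host on the 2.2.2.0/24 side.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must be equal.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_base, s_wild, d_base, d_wild in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

HOST = "0.0.0.0"                      # wildcard equivalent of the "host" keyword
ANY = ("0.0.0.0", "255.255.255.255")  # base/wildcard equivalent of "any"

# ACL from the question (destination assumed to be host 1.1.1.2).
ORIGINAL = [("deny", "2.2.2.2", "0.0.0.255", "1.1.1.2", HOST)]

# ACL from reply #2.
FIXED = [
    ("deny", "2.2.2.2", HOST, "1.1.1.2", HOST),
    ("permit", *ANY, *ANY),
]

def reachability(acl):
    # Constructed test flows: the blocked pair, the wanted pair, a bystander host.
    flows = [("2.2.2.2", "1.1.1.2"), ("2.2.2.2", "1.1.1.3"), ("2.2.2.77", "1.1.1.2")]
    return {flow: evaluate(acl, *flow) for flow in flows}

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        for (src, dst), verdict in reachability(acl).items():
            print(f"{name:8} {src:>9} -> {dst:<8} {verdict}")
```

With the original list every flow is denied: the first two by wildcard match or implicit deny, and any other 2.2.2.x host as well. Traffic to 1.1.1.1 still works because it terminates on the router and is never forwarded out fa0/0, so the outbound ACL does not see it.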
