I'm trying to set up a network in Packet Tracer with inter-VLAN routing. I need to restrict one of the VLANs to only accept traffic from the 172.25.30.0/24 network.
To do this I am using an access list:
access-list 1 permit 172.25.30.0 0.0.0.255
I have 5 subinterfaces for the different VLANs on the network, and have applied the access list to f0/0.50:
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 172.25.10.254 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 172.25.20.254 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 172.25.30.254 255.255.255.0
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 172.25.40.254 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 172.25.50.254 255.255.255.0
 ip access-group 1 in
!
As far as I can tell this should now only allow devices on the 172.25.30.0/24 network to communicate with devices on the 172.25.50.0/24 network (my management network). However, as soon as I apply the access list to the sub-interface I can no longer ping the 172.25.50.0/24 network from any devices, including ones on the 172.25.30.0/24 network.
Can anyone see why this would be?
Best Answer
Change the direction of the ACL to out. The direction is from the perspective of the router interface. Out means out of the interface, towards the devices.
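The following model is an added example, not part of the original question or answer. It evaluates the question's standard ACL 1 against both directions on Fa0/0.50 to show why `in` drops every echo reply while `out` admits only 172.25.30.0/24. The host addresses ending in .5 are constructed, and the model covers only traffic routed between subinterfaces.

```python
import ipaddress

# Standard ACL 1 from the question: (action, network, wildcard mask).
ACL_1 = [("permit", "172.25.30.0", "0.0.0.255")]

# Subinterface -> connected subnet, taken from the question's configuration.
SUBNETS = {f"Fa0/0.{v}": ipaddress.ip_network(f"172.25.{v}.0/24")
           for v in (10, 20, 30, 40, 50)}


def acl_permits(acl, src):
    """Standard ACLs match on source address only; no match is an implicit deny."""
    s = int(ipaddress.ip_address(src))
    for action, net, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if s & care == int(ipaddress.ip_address(net)) & care:
            return action == "permit"
    return False


def iface_for(addr):
    """Subinterface whose connected subnet contains addr."""
    ip = ipaddress.ip_address(addr)
    return next(name for name, net in SUBNETS.items() if ip in net)


def routed(src, dst, bindings):
    """bindings maps (interface, direction) -> ACL. True if the router forwards the packet."""
    for key in ((iface_for(src), "in"), (iface_for(dst), "out")):
        if key in bindings and not acl_permits(bindings[key], src):
            return False
    return True


def ping(a, b, bindings):
    """A ping succeeds only if both the echo request and the echo reply are forwarded."""
    return routed(a, b, bindings) and routed(b, a, bindings)


AS_ASKED = {("Fa0/0.50", "in"): ACL_1}      # ip access-group 1 in
AS_ANSWERED = {("Fa0/0.50", "out"): ACL_1}  # ip access-group 1 out

if __name__ == "__main__":
    for label, b in (("in", AS_ASKED), ("out", AS_ANSWERED)):
        for host in ("172.25.30.5", "172.25.10.5"):  # constructed host addresses
            print(label, host, "-> 172.25.50.5:", ping(host, "172.25.50.5", b))
```

With the inbound binding, the packet that fails is the reply: it enters Fa0/0.50 with a 172.25.50.x source, which ACL 1 does not permit.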