
I'm configuring a very small network on Packet Tracer 8.0 and I have a single 2960-24TT switch which is connected to 2 PCs and 1 router. Everything is on the 24.17.2.0/24 network and I added a VLAN. I have to prevent PC1 from communicating with PC2 while still being able to talk to the router. I decided to use an ACL because the IP addresses are next to each other (Router, VLAN1, PC1, PC2 = .1 ; .2 ; .3 ; .4). I entered the command:

access-list 1 deny host 24.17.2.4

The problem is that I can't apply it anywhere as "ip access-group" is unrecognizable. I followed the instructions here: How can I apply an ACL to interface on a Layer 3 switch? "No switchport" is unrecognized and nothing seems to be working. Overall, none of the solutions from that thread work. How can I apply my ACL to the VLAN?

On another note, this is for a small school project and there is nothing forcing me to use ACLs. The only restraints I have are that PCs can't communicate with each other, and one of them must be able to access the router. If I'm overthinking things, then please let me know if there's a simpler way. Also, I did think about simply shutting down one of the PCs' interfaces as that would comply with the assignment, but I don't think the prof would find me very funny, so I need to do at least some sort of configuration.

  • A layer-3 ACL only works on a layer-3 interface. Cisco has Private VLANs for what you want, but I doubt Packet Tracer supports that.
    – Ron Maupin
    Commented Mar 11, 2021 at 22:11
  • Is there a way I can make an interface layer 3? I remember seeing it somewhere as being possible. Would I need to put the VLAN layer 3, or would it be another interface? If not, do layer 2 ACLs even exist?
    – BloodLord
    Commented Mar 11, 2021 at 22:16
  • The no switchport needs to be applied to an interface fa0/0 to make it L3. You can also apply an ACL to an SVI on a VLAN, preferably on in, or on out.
    – Zac67
    Commented Mar 12, 2021 at 6:01
  • Did any answer help you? If so, you should accept the answer so that the question does not keep popping up forever, looking for an answer. Alternatively, you could post and accept your own answer.
    – Ron Maupin
    Commented Dec 23, 2021 at 17:00

1 Answer

Your switch is a layer-2 switch. As such, it does not support ACLs using IP addresses. Generally, a layer-2 switch "doesn't know" anything about IP addresses or higher layer protocols.
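
Added example (not part of the original answer or the question's configuration): a small Python model of the topology in the question, showing which layer-3 interfaces ever see each packet and therefore where an IP ACL could act. It assumes the router at .1 is the hosts' default gateway; `ACL_1_WITH_PERMIT` and all function names are hypothetical, introduced only for illustration.

```python
import ipaddress

# Addresses from the question: one subnet, one VLAN.
NET = ipaddress.ip_network("24.17.2.0/24")
ROUTER, SVI, PC1, PC2 = (ipaddress.ip_address(f"24.17.2.{n}") for n in (1, 2, 3, 4))
L3_INTERFACES = {ROUTER, SVI}  # the only places an IP ACL could be evaluated
ANY = ipaddress.ip_network("0.0.0.0/0")

# "access-list 1 deny host 24.17.2.4": a standard ACL, matches the source only.
ACL_1 = [("deny", ipaddress.ip_network("24.17.2.4/32"))]
# Hypothetical variant with an explicit permit appended (not from the page).
ACL_1_WITH_PERMIT = ACL_1 + [("permit", ANY)]

def acl_permits(acl, src):
    """First matching entry wins; no match hits the implicit 'deny any'."""
    for action, net in acl:
        if src in net:
            return action == "permit"
    return False

def l3_interfaces_entered(src, dst):
    """Layer-3 interfaces whose inbound ACL would see this packet."""
    if dst in NET:
        # On-link: the sender ARPs for dst and the switch forwards the frame by MAC.
        return [dst] if dst in L3_INTERFACES else []
    return [ROUTER]  # assumption: off-subnet traffic goes to the gateway at .1

def delivered(src, dst, acl_points):
    """acl_points maps a layer-3 interface address to its inbound ACL."""
    for iface in l3_interfaces_entered(src, dst):
        acl = acl_points.get(iface)
        if acl is not None and not acl_permits(acl, src):
            return False
    return True

if __name__ == "__main__":
    placements = [("ACL 1 on router", {ROUTER: ACL_1}),
                  ("ACL 1 on SVI", {SVI: ACL_1}),
                  ("ACL 1 + permit on router", {ROUTER: ACL_1_WITH_PERMIT})]
    for name, points in placements:
        for src, dst in [(PC1, PC2), (PC2, PC1), (PC1, ROUTER), (PC2, ROUTER)]:
            verdict = "delivered" if delivered(src, dst, points) else "dropped"
            print(f"{name:26} {src} -> {dst}: {verdict}")
```

In this model PC1-to-PC2 traffic is delivered under every placement because it never enters a layer-3 interface, while the one-line ACL as written drops PC1's traffic to the router as well through the implicit deny.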
