I have a basic setup for self-learning purposes. I'm a developer but trying to also understand the other side of IT managing networks.
I mean learning case I have a single managed L3 switch. To it are connected the following devices:
| Device Name | Device IPv4 | Subnet Mask | Switch-Port | VLAN |
|---|---|---|---|---|
| Server-IT | 192.168.10.2 | 255.255.255.0 | G0/1 | 10 |
| Server-HR | 192.168.11.31 | 255.255.255.0 | G0/2 | 11 |
| Printer-IT | 192.168.20.30 | 255.255.255.0 | F0/21 | 20 |
| Printer-HR | 192.168.20.31 | 255.255.255.0 | F0/22 | 20 |
| PC-IT-1 | 192.168.30.2 | 255.255.255.248 | F0/1 | 30 |
| PC-IT-2 | 192.168.30.3 | 255.255.255.248 | F0/2 | 30 |
| PC-IT-3 | 192.168.30.4 | 255.255.255.248 | F0/3 | 30 |
| PC-IT-4 | 192.168.30.5 | 255.255.255.248 | F0/4 | 30 |
| PC-HR-1 | 192.168.31.2 | 255.255.255.248 | F0/1 | 31 |
| PC-HR-2 | 192.168.31.3 | 255.255.255.248 | F0/2 | 31 |
| PC-HR-3 | 192.168.31.4 | 255.255.255.248 | F0/3 | 31 |
| PC-HR-4 | 192.168.31.5 | 255.255.255.248 | F0/4 | 31 |
The VLANs, device ports etc. are all configured correctly and operate as I expect them to. I also let all devices communicate with each other by using IP routing. That also works correctly.
Now I tried to take the next step and limiting the access to Server-HR only to devices from the network 192.168.31.0 /29. I didn't find real instructions here even while researching on Cicso, or at least none that I understand. One instruction I found stated to use ACL which I tried by using:
config t
ip access-list extend WHITELIST
permit ip 192.168.31.0 255.255.255.248 host 192.168.11.31
This did not work as I missed something. I still can communicate with the Server-HR from all devices not only devices from VLAN 31. What do I miss and what do I need to do to fix that connection filter?
