
I added an ACL to Router A, and permissions work fine when the packet comes from another LAN. The problem is that when a packet is sent within the LAN connected to Router A, the packet only goes to the switch (and doesn't reach the router). How can I solve this without adding another ACL to the switch?

PC1 ----\
PC2 ----- Switch 2960-24TT ----- Router PT (Router A)
PC3 ----/

What I am trying to achieve is that PC1 and PC2 are not allowed to access PC3, while PC3 should be able to access the other PCs.

Here's the network diagram: [image: Network diagram]

marsh-wiggle
  • Are we supposed to guess what switch you have? – joeqwerty Nov 16 '18 at 21:03
  • If it's on the same switch, then traffic will flow directly to the destination without passing through the router. If you are attempting to segregate networks, the devices should be on a separate network/VLAN. (I recommend looking at how switches work, and layer 2 and 3 routing.) – Ashley Primo Nov 16 '18 at 21:07
  • Packets in the same broadcast domain don't route - they go direct (via switch). There's not much you can do on the router to affect this without redesigning your network. – guzzijason Nov 16 '18 at 21:49

1 Answer


when a packet is sent within the LAN connected to Router A, the packet only goes to the switch (and doesn't reach the router). How can I solve this without adding another ACL to the switch?

You can't.

Like you wrote, an internal packet is forwarded only across the switch, not across the router. Therefore, any filtering on the router is irrelevant.

You have to either set up an ACL on the switch or make the traffic travel across the router. You could split the network into two or more VLANs and route between them across the router. Depending on the router performance, it can easily become a bottleneck in that design.

Zac67
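The VLAN redesign the answer describes, worked through as an added example (this is not configuration from the question or the answer). It assumes Cisco IOS syntax, that PC1 and PC2 sit on Fa0/1 and Fa0/2, PC3 on Fa0/3, the uplink to Router A on Fa0/24, that the router-side interface is FastEthernet0/0, and two freshly chosen subnets, 192.168.10.0/24 for PC1/PC2 and 192.168.20.0/24 for PC3; all of these names and addresses are assumptions. Once PC3 is in its own VLAN, PC1 and PC2 can only reach it through the router, so an ACL on the router subinterface facing VLAN 10 finally sees that traffic.

```cisco
! ---- Switch 2960-24TT (port numbering assumed for the example) ----
hostname SW1
!
vlan 10
 name USERS
vlan 20
 name PC3
!
interface FastEthernet0/1
 description PC1
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/2
 description PC2
 switchport mode access
 switchport access vlan 10
interface FastEthernet0/3
 description PC3
 switchport mode access
 switchport access vlan 20
!
interface FastEthernet0/24
 description trunk to Router A (carries VLAN 10 and 20 tagged)
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! ---- Router A: router-on-a-stick (interface name and subnets assumed) ----
hostname RouterA
!
interface FastEthernet0/0
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description VLAN 10 - PC1 and PC2; PCs use 192.168.10.1 as default gateway
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
interface FastEthernet0/0.20
 description VLAN 20 - PC3; PC3 uses 192.168.20.1 as default gateway
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! Applied inbound on the VLAN 10 subinterface, so it only filters what PC1/PC2 send.
ip access-list extended VLAN10-IN
 remark Replies to TCP sessions PC3 opened (established = ACK or RST bit set, stateless)
 permit tcp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 established
 remark Replies to pings PC3 sends
 permit icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 echo-reply
 remark PC1/PC2 may not initiate anything toward PC3
 deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 remark Traffic to the other LANs behind Router A keeps working as before
 permit ip any any
```

Verify with `show access-lists VLAN10-IN` (hit counters on the deny line climb when PC1 tries to reach PC3) and `show ip interface FastEthernet0/0.10` (confirms the ACL is bound inbound). Two caveats a practitioner should keep in mind. First, this is still a stateless packet filter: `established` only checks the ACK/RST flags, so a host in VLAN 10 can still send crafted ACK-flagged packets to PC3 (an ACK scan gets through), and UDP has no equivalent, so any UDP service PC3 needs from PC1/PC2 requires its own explicit permit line; true "PC3 may initiate, the others may not" semantics need a stateful firewall. Second, every PC1/PC2-to-PC3 packet now hairpins through the router's single trunk link, which is the bottleneck the answer warns about; a layer-3 switch with SVIs and the same ACL removes that hop.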