ACL on switch port to deny traffic to local subnet - except to router, and allow internet
I'm looking for tips on how to construct an ACL to apply on a specific port that does the following:
- allow all traffic to the router (192.168.1.1)
- deny all traffic to/from the local subnet (192.168.1.0/24)
- allow all traffic to/from internet
Below is an illustration of the network topology.
In that example, the ACL would be on port 2, where PC 2 would be connected.
In that example, PC2 would be able to communicate with the router and get traffic out to the internet, but wouldn't be able to send/receive traffic to/from PC1.
I wouldn't want to go with VLANs (subnets, interfaces and routing), and kind of hope this is achievable with an ACL.
I tried setting the ACL (screenshot below), but I can't get it to work: my ACL attempt does a fine job at enabling traffic to the router while preventing traffic to the local subnet, but it also prevents any traffic to the internet...
Non-working ACL attempt:
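The screenshot of the attempt is not on the page, so the following is an added example, not the asker's configuration: a small first-match ACL evaluator that reproduces the symptom described (router reachable, local subnet blocked, internet blocked) when the rule list has no final "permit any", and shows the rule order that satisfies all three requirements. Cisco IOS extended-ACL semantics and syntax (first match wins, implicit deny at the end, wildcard masks) are assumed because the question does not name the switch vendor; the PC addresses, the internet host and the interface name are constructed for the example.

```python
import ipaddress

# Addresses from the question; PC1, PC2 and the internet host are assumed,
# the question only gives the router address and the local subnet.
ROUTER = "192.168.1.1"
LOCAL_SUBNET = "192.168.1.0/24"
PC1 = "192.168.1.10"           # assumed, on another switch port
PC2 = "192.168.1.20"           # assumed, connected to port 2 (the ACL port)
INTERNET_HOST = "203.0.113.5"  # assumed, TEST-NET-3 documentation range
ANY = "0.0.0.0/0"


def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(acl, src, dst):
    """First-match evaluation on addresses only, with the implicit deny that
    ends every IOS-style ACL (assumed semantics)."""
    for action, src_net, dst_net in acl:
        if _in(src, src_net) and _in(dst, dst_net):
            return action
    return "deny"


# Assumed shape of the non-working attempt: permit the router, deny the
# subnet, and nothing else. Internet-bound traffic matches neither line and
# is dropped by the implicit deny.
BROKEN_INBOUND = [
    ("permit", ANY, ROUTER + "/32"),
    ("deny",   ANY, LOCAL_SUBNET),
]

# Working rule set for traffic entering the switch on port 2 (from PC2).
# Order matters: the explicit permit-any must come last.
INBOUND = BROKEN_INBOUND + [("permit", ANY, ANY)]

# Mirror for traffic leaving port 2 toward PC2, for switches that support
# egress ACLs; without it PC1 can still send one-way traffic to PC2.
OUTBOUND = [
    ("permit", ROUTER + "/32", ANY),
    ("deny",   LOCAL_SUBNET,   ANY),
    ("permit", ANY,            ANY),
]


def check(acl_in, acl_out):
    """Verdicts for the three flows the question lists, in both directions."""
    return {
        "pc2->router":   evaluate(acl_in,  PC2, ROUTER),
        "pc2->pc1":      evaluate(acl_in,  PC2, PC1),
        "pc2->internet": evaluate(acl_in,  PC2, INTERNET_HOST),
        "router->pc2":   evaluate(acl_out, ROUTER, PC2),
        "pc1->pc2":      evaluate(acl_out, PC1, PC2),
        "internet->pc2": evaluate(acl_out, INTERNET_HOST, PC2),
    }


def _cisco_addr(net):
    """Render a network as an IOS source/destination token with wildcard mask."""
    n = ipaddress.ip_network(net)
    if n.prefixlen == 0:
        return "any"
    if n.prefixlen == 32:
        return f"host {n.network_address}"
    return f"{n.network_address} {n.hostmask}"


def render_cisco(name, acl):
    """Render the rule list as a named extended ACL (assumed IOS syntax)."""
    lines = [f"ip access-list extended {name}"]
    for action, src_net, dst_net in acl:
        lines.append(f" {action} ip {_cisco_addr(src_net)} {_cisco_addr(dst_net)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("broken attempt:", check(BROKEN_INBOUND, OUTBOUND))
    print("with permit any:", check(INBOUND, OUTBOUND))
    print(render_cisco("PC2-IN", INBOUND))
    print(render_cisco("PC2-OUT", OUTBOUND))
    # Assumed interface name for port 2.
    print("interface GigabitEthernet0/2\n ip access-group PC2-IN in\n ip access-group PC2-OUT out")
```

Two caveats a practitioner would want: an IP ACL does not touch ARP or other non-IP frames, so PC1 and PC2 will still see each other's MAC addresses even though IP traffic between them is dropped; and not every switch can apply an ACL in the egress direction on a port, in which case only the inbound list is enforceable and PC1-to-PC2 datagrams (UDP, ICMP) still arrive at PC2 one way, while TCP connections fail because PC2's replies are dropped inbound.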