Access list

lalmohammad · ‎05-24-2007

Hi,

I have 5 different valn?s what in the core switch, the access switches (L2) are connected to it and the firewall. My problem is that I don?t want one vlan say ?A? to communicate with the other 4 valns I want to give only the internet access please let me know how I can do that.

Thanks waiting for the reply.

mohammedmahmoud · ‎05-24-2007

Hi,

You can use ACL as you implied to block the traffic to and from your VLANs and allow only internet traffic (by a permit ip any any at the end of the ACL after denying your VLAN subnets), applying the ACL depends on how you are doing the inter-VLAN routing.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

lalmohammad · ‎05-24-2007

the intervlan routing happens at the core switch 4506 by the ip routing command.

please let me know the sequence of command as it is a working setup.

mohammedmahmoud · ‎05-24-2007

Hi,

Ok, it should look something like this:

interface vlan

ip address x.x.x.x

ip access-group 101 in

access-list 101 deny ip

access-list 101 permit ip any any

This will deny all traffic to go from "a" IPs to all the other IPs, and the permit ip any any allows internet access, but a critical question comes here, to which IPs does your internet gateway belong to ?

HTH, please do rate all helpful replies using the scroll box on the right,

Mohammed Mahmoud.