Access-list Switch 3750

amirovic13
Level 1

Hello,

I request your assistance to set up an access-list in order to prohibit dialogue between VLANs. In my config I have 10 VLANs and I would not like them to talk among themselves, except for my VLAN 4 (Administration), where I have my DHCP configured as above.

In short: 10 VLANs; allow only the dialogue with VLAN 4 and prohibit everything else.

Herewith my current config of the switch:

Thank you

4 Replies

Jon Marshall
Hall of Fame

Hi

access-list 101 permit ip any 192.168.0.0 0.0.0.255
access-list 101 deny ip any any

interface vlan2
ip access-group 101 in

interface vlan3
ip access-group 101 in

Couple of things to note

1) This will only allow vlan 2 / 3 etc. to talk to vlan 4. They will not be allowed to talk to any other destination IP addresses.

2) You don't have to use the same access-list number (101) for every vlan interface if you don't want.

3) If you want to allow your vlans to talk to external IP addresses other than those on the switch your access-list would look

for vlan 2

access-list 101 permit ip any 192.168.0.0 0.0.0.255
access-list 101 deny ip any 192.168.3.0 0.0.0.255
access-list 101 deny ip any 192.168.6.0 0.0.0.255
etc... for each of your vlans
access-list 101 permit ip any any

HTH

Jon

Thank you very much for your assistance. I will test and I will keep you informed.

What is the difference if I change the access-list number for every VLAN?

Hi

If you want to see how many hits per vlan you are getting, use separate access-lists; likewise if you need to be more granular and the rules are not exactly the same per vlan.

HTH

Jon
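The following is an added example, not part of this thread and not code from Cisco: a small Python model of how an IOS numbered extended ACL decides a packet (top-to-bottom, first match wins, implicit deny at the end), run over both of the ACL shapes Jon gave above. It also keeps a per-entry match counter, which is what the "hits per vlan" point in the second reply relies on. It assumes VLAN 4 is 192.168.0.0/24 and VLAN 3 is 192.168.3.0/24 as in the thread, and constructs a VLAN 2 subnet of 192.168.2.0/24 plus a handful of sample packets; nothing here talks to a real switch.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the thread): a minimal model of how an IOS extended
# IP access-list evaluates a packet. Entries are checked top to bottom, the
# first match decides, and a packet matching nothing hits the implicit
# "deny ip any any". Only the syntax used in the thread is modelled:
# "access-list N permit|deny ip SRC DST" with SRC/DST being "any",
# "host A.B.C.D" or "A.B.C.D WILDCARD".


@dataclass
class Ace:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    text: str                     # original line, kept for readable output
    hits: int = 0                 # per-entry match counter (what "show access-lists" reports)


def _parse_addr(tokens, i):
    """Consume one address spec starting at tokens[i]; return (network, next index)."""
    tok = tokens[i]
    if tok == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tok == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    # "address wildcard": the wildcard is an inverse mask (0.0.0.255 -> /24).
    # Only contiguous wildcards are handled here; IOS also accepts others.
    wildcard = int(ipaddress.IPv4Address(tokens[i + 1]))
    mask = (~wildcard) & 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard not supported: {tokens[i + 1]}")
    return ipaddress.IPv4Network((tok, prefix), strict=False), i + 2


def parse_acl(lines):
    """Parse numbered-ACL lines into an ordered list of Ace objects."""
    aces = []
    for line in lines:
        tokens = line.split()
        if tokens[:1] != ["access-list"] or len(tokens) < 6 or tokens[3] != "ip":
            raise ValueError(f"unsupported line: {line}")
        action = tokens[2]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {line}")
        src, i = _parse_addr(tokens, 4)
        dst, _ = _parse_addr(tokens, i)
        aces.append(Ace(action, src, dst, line))
    return aces


def evaluate(aces, src_ip, dst_ip):
    """Return 'permit' or 'deny' for one packet, bumping the matching entry's counter."""
    src = ipaddress.IPv4Address(src_ip)
    dst = ipaddress.IPv4Address(dst_ip)
    for ace in aces:
        if src in ace.src and dst in ace.dst:
            ace.hits += 1
            return ace.action
    return "deny"                 # implicit deny at the end of every IOS ACL


# Jon's first list (with "permit deny" read as "deny"): VLAN 4 = 192.168.0.0/24.
ACL_VLAN4_ONLY = [
    "access-list 101 permit ip any 192.168.0.0 0.0.0.255",
    "access-list 101 deny ip any any",
]

# Jon's second shape for VLAN 2: deny the other VLAN subnets explicitly,
# then permit everything else so external destinations still work.
ACL_VLAN4_AND_EXTERNAL = [
    "access-list 102 permit ip any 192.168.0.0 0.0.0.255",
    "access-list 102 deny ip any 192.168.3.0 0.0.0.255",
    "access-list 102 deny ip any 192.168.6.0 0.0.0.255",
    "access-list 102 permit ip any any",
]

# Constructed sample traffic entering "interface vlan2". The VLAN 2 subnet
# 192.168.2.0/24 is an assumption; the thread never states it.
PACKETS = [
    ("to VLAN 4 (DHCP/admin)", "192.168.2.10", "192.168.0.5"),
    ("to VLAN 3", "192.168.2.10", "192.168.3.20"),
    ("to VLAN 6", "192.168.2.10", "192.168.6.7"),
    ("to the Internet", "192.168.2.10", "203.0.113.9"),
    ("DHCP DISCOVER broadcast", "0.0.0.0", "255.255.255.255"),
]


def simulate(acl_lines, packets=PACKETS):
    """Run packets through a fresh copy of the ACL; return ({label: verdict}, [(line, hits)])."""
    aces = parse_acl(acl_lines)
    verdicts = {label: evaluate(aces, s, d) for label, s, d in packets}
    return verdicts, [(ace.text, ace.hits) for ace in aces]


if __name__ == "__main__":
    for name, acl in (("101 (VLAN 4 only)", ACL_VLAN4_ONLY),
                      ("102 (VLAN 4 + external)", ACL_VLAN4_AND_EXTERNAL)):
        verdicts, counters = simulate(acl)
        print(f"access-list {name}")
        for label, verdict in verdicts.items():
            print(f"  {label:24} {verdict}")
        for line, hits in counters:
            print(f"  ({hits} matches) {line}")
```

Two things the run makes visible that the config lines alone do not. First, with list 101 the Internet-bound packet is denied, which is exactly Jon's note 1, and the DHCP DISCOVER broadcast (0.0.0.0 to 255.255.255.255) is denied as well, because it is not inside 192.168.0.0/24; if clients in VLAN 2 are meant to reach the DHCP server in VLAN 4 through a relay on the SVI rather than a server on their own VLAN, that is worth checking against the ACL before it goes live. Second, the counters show why separate lists per VLAN give per-VLAN hit counts: with one shared list the counters add up across every interface it is applied to. When reading real counters on a Catalyst 3750, confirm in the platform documentation whether matches on hardware-switched traffic are reflected in "show access-lists" at all, since that behaviour is platform-specific.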
