who can help me with this ACL problem

Unanswered Question
Sep 23rd, 2007
User Badges:

hi experts,

I have a layer 3 switch and i am trying to accomplish this task: there are two VLAN , supposed VLAN 10 and VLAN 20 , I want PCs in VLAN 10 can ping VLAN 20 but PCs in VLAN 20 can not ping PCs in VLAN 10 , anyone can give me some advises?

thank you!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
spremkumar Sun, 09/23/2007 - 22:20
User Badges:
  • Red, 2250 points or more

hi


check for Firewalls in the client pc and also for ACLs under the vlans.


if possible do post out the config here.


regds


diablo_mtc Sun, 09/23/2007 - 23:56
User Badges:

thankyou for replying

i am afraid you do not understand what i mean, or maybe i do not express clearly. what i want to do is that PCs in vlan 10 can ping PCs in vlan 20 but PCs in vlan 20 can not ping PCs in vlan 10. just some kind of one direction communication.


aboelhouwers Mon, 09/24/2007 - 01:55
User Badges:

Create an extended incoming access-list on interface vlan 20 with the following entries:


permit icmp any any echo-reply

deny ip any any



aboelhouwers Mon, 09/24/2007 - 04:53
User Badges:

sorry, I meant outgoing access-list: for example


interface vlan 20

ip address

ip access-group out



diablo_mtc Mon, 09/24/2007 - 16:17
User Badges:

how about TCP connections?

Does PCs in VLAN 20 can open TCP/UDP connection to PCs in VLAN 10?

Edison Ortiz Mon, 09/24/2007 - 20:12
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

ip access-list extended Vlan20_IN

deny icmp [vlan20 subnet] any echo

permit ip any any


interface vlan 10

ip access-group Vlan20_IN



Actions

This Discussion