Access List

Unanswered Question
Mar 3rd, 2008

Hi


I want to make an access list so that one VLAN (Vlan10) out of my 8 VLANs can access only two servers from the server VLAN (vlan 2), which are the DHCP server (IP x.x.x.10) and the proxy server (IP x.x.x.14:8088), so that the users from that VLAN can only access the internet and get an IP. Can anybody help me?



Thanks Frds

JD

royalblues Mon, 03/03/2008 - 01:00

If I understand you correctly, you want users in VLAN10 to get IP addresses and to be able to access only the internet and the proxy server.


For this you can try something like this


access-list 100 permit udp any any eq 67

access-list 100 permit udp any any eq 68

access-list 100 permit ip host

access-list 100 permit ip any eq www


interface vlan 10

ip access-group 100 in


HTH

Narayan
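
An added example (not posted by anyone in this thread) of an inbound extended ACL for the requirement in the original question. The ACL number 110 and the addresses 192.0.2.10 and 192.0.2.14 are placeholders standing in for the x.x.x.10 DHCP server and the x.x.x.14 proxy, and it assumes clients are explicitly configured to use the proxy on port 8088.

```cisco
! Added example: placeholder ACL number and addresses (assumptions, not from the thread).
! 192.0.2.10 = DHCP server (x.x.x.10), 192.0.2.14 = proxy (x.x.x.14), both in VLAN 2.
!
! DHCP: clients send from UDP 68 (bootpc) to UDP 67 (bootps). DISCOVER/REQUEST are
! broadcasts from 0.0.0.0, so source and destination addresses must stay "any" here.
access-list 110 remark VLAN10 clients: DHCP requests
access-list 110 permit udp any eq bootpc any eq bootps
!
! Proxy: TCP only, to the one proxy host and the one listening port.
access-list 110 remark VLAN10 clients: proxy on 8088
access-list 110 permit tcp any host 192.0.2.14 eq 8088
!
! Every ACL ends in an implicit deny; stating it with "log" gives hit counts
! and log entries for anything VLAN 10 tries outside the two permitted flows.
access-list 110 remark Everything else from VLAN10 is dropped
access-list 110 deny ip any any log
!
interface Vlan10
 ! Assumption: the DHCP server is reached through a relay on this SVI.
 ip helper-address 192.0.2.10
 ! "in" = traffic arriving from VLAN 10 hosts, filtered before it is routed.
 ip access-group 110 in
!
! Verification (exec mode): per-line match counters and the ACL bound to the SVI.
! show access-lists 110
! show ip interface Vlan10
```

Replies from the DHCP and proxy servers leave the router toward VLAN 10 in the outbound direction, so an inbound-only ACL needs no entries for return traffic.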

jagdev.dhaliwal Mon, 03/03/2008 - 01:04

Thanks Narayan


Yes, you understood what I want. Thanks for your help; I will try it and let you know the result.

jagdev.dhaliwal Mon, 03/03/2008 - 01:38

I have already applied list 101 as "in".

I think I should apply it "out" instead of "in", and will it require some changes for that?


interface vlan 10

ip access-group 101 in

royalblues Mon, 03/03/2008 - 01:40

For out you need to use ip access-group 101 out


But in your case inbound access-list would make more sense


Narayan

jagdev.dhaliwal Mon, 03/03/2008 - 02:52

Thanks for your precious time, Sir.

Can we apply more than one inbound access list on an interface?


Like

interface vlan 10

ip access-group 101 in

ip access-group 102 in


Regards

JD

royalblues Mon, 03/03/2008 - 02:54

No, you can have only one inbound and one outbound access-list applied to an interface


int vlan 10

ip access-group 101 in

ip access-group 102 out


Narayan

jagdev.dhaliwal Mon, 03/03/2008 - 03:21

So Sir, can I apply it like this?


access-list 100 permit udp any any eq 67

access-list 100 permit udp any any eq 68

access-list 100 permit ip host

access-list 100 permit ip any eq www


interface vlan 10

ip access-group 100 out


Or should I apply


access-list 10 permit

access-list 10 permit

access-list 10 deny any


interface vlan 10

ip access-group 10 out

