
Catalyst 3750 Switch - Access List Problem

Dipesh Patel
Level 2

Hello all,

We are using a 3750 switch with 4 VLANs.

VLAN 1 is configured with 192.168.121.0 255.255.255.0.

VLAN 2 is configured with the 192.168.122.0 255.255.255.0 segment,

and likewise VLANs 3 and 4.

I have applied an access list on VLAN 2 to stop all access and permit only specified hosts.

e.g.

interface Vlan1
 ip address 192.168.121.1 255.255.255.0
 standby 10 ip 192.168.121.5
 standby 10 priority 110
!
interface Vlan2
 ip address 192.168.122.1 255.255.255.0
 ip access-group TEMP in
 standby 20 ip 192.168.122.5
 standby 20 priority 110
!
interface Vlan3
 ip address 192.168.123.1 255.255.255.0
 standby 30 ip 192.168.123.5
 standby 30 priority 110
!
ip access-list extended TEMP
 permit ip 192.168.122.0 0.0.0.255 host 192.168.123.3
 permit ip 192.168.122.0 0.0.0.255 host 10.31.2.120
 permit udp any any

When I apply it on VLAN 2, I cannot ping from this switch, but all the other hosts which do not have access can also ping the 192.168.122.0 segment, which I want to deny.

Please help me soon.

9 Replies

connect2world
Level 1

Your last statement, permit udp any any, should be deny ip any any. But before you do that, you might want to allow the IP from which you manage the switch.

Dear Sir,

Even so, everyone can still access it. The access list has no effect.

Please help.

Hi

You are permitting all the IPs from the specified subnets to access the two hosts. Try to access any other hosts and check.

And what is the IP of the system, and which VLAN is it in?

Thanks

Mahmood

Dear all,

Here is the configuration in the attachment.

Though I have applied the access list, all can access this 192.168.122.0 segment.

Please give a suggestion ASAP.

Hi

What is the source of your traffic? I think you want everyone to access the hosts specified in the list. You are not denying anyone else access to your subnet, i.e. 192.168.122.0. I think you are confused and not able to understand your requirement.

If you want the hosts specified in the list to access this subnet, then you need to change the order of the list.

permit ip host (ip address) 192.168.122.0 0.0.0.255

Make all your entries

and apply the access list as outbound on your interface.

Thanks

Mahmood

Dear Mahmood,

I want to secure the 192.168.122.0 network from all outside hosts. Only the hosts specified in the access list can access this network. This is my requirement.

Please give me a configuration idea accordingly.

Hi

You need to define the access list as follows:

ip access-list extended TEMP
 permit ip host 192.22.19.16 192.168.122.0 0.0.0.255
 permit ip host 192.44.108.110 192.168.122.0 0.0.0.255
 permit ip host 192.2.219.91 192.168.122.0 0.0.0.255
 permit udp any any
 deny ip any any
!
interface vlan 2
 ip access-group TEMP out

Thanks

Mahmood

There is an implicit deny at the end of an ACL. You don't have to specify it.

This is true.

However if you do want logging or hitcount to work with it then you would have to add the line into the access-list.
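The outbound ACL suggested in the thread, run through a simplified first-match evaluator (an added example, not code from any poster in this thread): it shows which entry decides each packet, that permit udp any any still admits UDP from any host, and that only an explicit deny ip any any accumulates a hit count. The function names, the entry syntax (the reply's lines written as permit ip host ...) and the sample packets are constructed for illustration; ports and other match options are not modelled.

```python
from ipaddress import IPv4Address

def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IPv4Address(tokens.pop(0))), 0
    return int(IPv4Address(first)), int(IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'permit|deny PROTO SRC DST' lines (no ports or options)."""
    acl = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        acl.append({"action": action, "proto": proto, "src": _take_addr(tokens),
                    "dst": _take_addr(tokens), "line": " ".join(line.split()), "hits": 0})
    return acl

def _match(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are ignored; all remaining bits must be equal.
    return ((int(IPv4Address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry in acl:
        if (entry["proto"] in ("ip", proto) and _match(src, entry["src"])
                and _match(dst, entry["dst"])):
            entry["hits"] += 1
            return entry["action"], entry["line"]
    return "deny", "implicit deny"

# Entries from the thread's suggested ACL, written as named-ACL lines (assumed syntax).
VLAN2_OUT = """
permit ip host 192.22.19.16 192.168.122.0 0.0.0.255
permit ip host 192.44.108.110 192.168.122.0 0.0.0.255
permit ip host 192.2.219.91 192.168.122.0 0.0.0.255
permit udp any any
deny ip any any
"""

if __name__ == "__main__":
    acl = parse_acl(VLAN2_OUT)
    # Constructed sample packets being routed out of interface Vlan2.
    for proto, src in [("tcp", "192.22.19.16"), ("tcp", "192.168.123.50"), ("udp", "192.168.123.50")]:
        print(proto, src, evaluate(acl, proto, src, "192.168.122.10"), sep="  ")
```
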
