03-25-2008 01:44 AM - edited 03-05-2019 09:57 PM
Hello all,
We are using a 3750 switch with 4 VLANs.
VLAN 1 is configured with 192.168.121.0 255.255.255.0.
VLAN 2 is configured with the 192.168.122.0 255.255.255.0 segment,
and likewise VLAN 3 and 4.
I have applied an access list on VLAN 2 to stop access for everyone and permit only the specified hosts.
e.g.
interface Vlan1
ip address 192.168.121.1 255.255.255.0
standby 10 ip 192.168.121.5
standby 10 priority 110
!
interface Vlan2
ip address 192.168.122.1 255.255.255.0
ip access-group TEMP in
standby 20 ip 192.168.122.5
standby 20 priority 110
interface Vlan3
ip address 192.168.123.1 255.255.255.0
standby 30 ip 192.168.123.5
standby 30 priority 110
ip access-list extended TEMP
permit ip 192.168.122.0 0.0.0.255 host 192.168.123.3
permit ip 192.168.122.0 0.0.0.255 host 10.31.2.120
permit udp any any
When I applied it on VLAN 2, I cannot ping from this switch, but all the other hosts which do not have access can also ping the 192.168.122.0 segment, which I want to deny.
Please help me soon.
03-25-2008 02:01 AM
Your last statement, permit udp any any, should be deny ip any any. But before you do that, you might want to allow the IP from which you manage the switch.
03-25-2008 03:23 AM
Dear Sir,
Even so, everyone can still access it. The access list has no effect.
Please help.
03-25-2008 03:31 AM
Hi
You are permitting all the IPs from the specified subnets to access the two hosts. Try to access any other hosts and check.
And what is the IP of the system, and which VLAN is it in?
Thanks
Mahmood
03-25-2008 03:48 AM
03-25-2008 04:07 AM
Hi
What is the source of your traffic? I think you want everyone to access the hosts specified in the list. You are not denying anyone else access to your subnet, i.e. 192.168.122.0. I think you are confused and not able to understand your requirement.
If you want the hosts specified in the list to access this subnet, then you need to change the order of the list.
access-list permit host (ip address) 192.168.122.0 0.0.0.255
Make all your entries
and apply the access-list as outbound to your interface.
Thanks
Mahmood
03-25-2008 04:35 AM
Dear Mahmood,
I want to secure the 192.168.122.0 network from all outside hosts. Only the hosts specified in the access list can access this network. This is my requirement.
Accordingly, please give me a configuration idea.
03-25-2008 04:41 AM
Hi
You need to define the access-list as follows:
access-list extended permit host 192.22.19.16 192.168.122.0 0.0.0.255
access-list extended permit host 192.44.108.110 192.168.122.0 0.0.0.255
access-list extended permit host 192.2.219.91 192.168.122.0 0.0.0.255
permit udp any any
deny ip any any
interface vlan 2
ip access-group extended out
Thanks
Mahmood
03-25-2008 04:44 AM
There is an implicit deny at the end of an ACL. You don't have to specify it.
03-27-2008 07:48 AM
This is true.
However, if you do want logging or hit counts to work with it, then you would have to add the line to the access-list.
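Added example, not part of any post in this thread: a small Python model of how an extended ACL is evaluated (wildcard match, first match wins, implicit deny) and of which packets an ACL on interface Vlan2 sees in each direction. TEMP is the list from the question; SWAPPED, the function names and the sample host 192.168.121.50 are assumptions made for the illustration, and the direction model is simplified to routed traffic only.

```python
import ipaddress
def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "don't care"
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_addr(tok):
    # Consumes "any", "host A" or "A WILDCARD" from the front of the token list
    t = tok.pop(0)
    if t == "any":
        return ("0.0.0.0", "255.255.255.255")
    return (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0))

def parse_acl(text):
    acl = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, proto = tok.pop(0), tok.pop(0)
        acl.append((action, proto, parse_addr(tok), parse_addr(tok)))
    return acl

def evaluate(acl, proto, src, dst):
    # First match wins; no match means the implicit deny applies
    for action, p, s, d in acl:
        if p in ("ip", proto) and wc_match(src, *s) and wc_match(dst, *d):
            return action
    return "deny"

def svi_verdict(acl, direction, vlan_net, proto, src, dst):
    # Simplified model of a routed ACL on an SVI: "in" sees packets leaving
    # the VLAN to be routed elsewhere, "out" sees packets routed into the VLAN
    net = ipaddress.ip_network(vlan_net)
    from_vlan, to_vlan = (ipaddress.ip_address(x) in net for x in (src, dst))
    seen = (from_vlan and not to_vlan) if direction == "in" else (to_vlan and not from_vlan)
    return evaluate(acl, proto, src, dst) if seen else "not-evaluated"

VLAN2 = "192.168.122.0/24"
TEMP = parse_acl("""
permit ip 192.168.122.0 0.0.0.255 host 192.168.123.3
permit ip 192.168.122.0 0.0.0.255 host 10.31.2.120
permit udp any any
""")  # TEMP exactly as posted in the question
# Hypothetical list: the same two hosts with source and destination swapped
SWAPPED = parse_acl("""
permit ip host 192.168.123.3 192.168.122.0 0.0.0.255
permit ip host 10.31.2.120 192.168.122.0 0.0.0.255
""")
for src in ("192.168.123.3", "192.168.121.50"):  # second host is constructed
    print(src, svi_verdict(SWAPPED, "out", VLAN2, "icmp", src, "192.168.122.10"))
```

In this model a packet from another VLAN toward 192.168.122.0 is never tested by a list applied inbound on Vlan2, while the swapped list applied outbound permits the two named hosts and drops everything else through the implicit deny.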