access-list on intervlan

Unanswered Question
Apr 28th, 2008

Dear Experts,

Please advice !!!!

I would like to do,

1- All the Vlan can access to IP ( Internet)

2- PC on Vlan 10 can access all the vlan and ip but all the vlan cannot access to Vlan 10

3- PC on Vlan 20 can access only Vlan30 but vlan 30 cannot access all the vlan include vlan20( but the both this Vlan can access internet

Please see in the attach file.

Please help me to edit access-list on the router.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


On each Vlan you need to block traffice from subnet to Vlan 10.

Say you have Vlan 40 with ip address

use acl as follows:

acl-list 105 deny ip (the Vlan to which you want to block access.

Same goes for rest of the vlans which you want to block.

Acl-list 105 permit ip any any

any any will allow access to internet.

int vlan 40

ip access-group in

So you can customize your vlan in terms of security.




This Discussion