mahmoodmkl Tue, 04/29/2008 - 00:34


If you are referring to telnet access to the switches, then I would suggest using an access-list under your vty lines. Just allow the subnet from which you would like to access the devices. You can use a standard ACL for this.



drnteam Tue, 04/29/2008 - 01:05


I want to block all traffic from the other VLANs while providing limited access to the management VLAN.

yassine-m Tue, 04/29/2008 - 02:07

I'd recommend the 3750 Switch Software Configuration Guide's chapter on Network Security with ACLs:

VACLs are usually used to control traffic within a VLAN (Host A in VLAN 10 to Host B in VLAN 10), but can be used to filter on layer 2 or layer 3. A VACL is applied to all traffic in both directions, so creating access-list logic can be more challenging, but VACLs can provide a high level of security.

Router ACLs are easier to manage for filtering traffic between VLANs (Host A on VLAN 10 to Host B on VLAN 20). Router ACLs can be applied in inbound and outbound directions and are very similar to ACLs applied to interfaces on any Cisco router. In a VLAN environment, you apply the ACL to switch virtual interfaces (SVIs) or routed interfaces (no switchport).

Here's an example:

! Note: the destination address/wildcard arguments of the two tcp lines appear to have been dropped from the post as quoted here.
Switch(config)# access-list 110 permit tcp any gt 1023
Switch(config)# access-list 110 permit tcp any host eq 25
Switch(config)# access-list 110 permit icmp any any
Switch(config)# interface vlan 10
Switch(config-if)# ip access-group 110 in

3750 switches handle most ACL filtering in hardware, so these switches can handle a fairly large number of access-list statements with little impact on performance.
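Putting the two answers together for the original question (restrict the management VLAN to a few admin hosts, and restrict the switch's own CLI), here is a constructed IOS configuration as an added example. It is not from the thread or from the Cisco guide; VLAN 10 as the user VLAN, VLAN 99 as the management VLAN, the subnets 10.10.0.0/24 and 10.99.0.0/24, and the admin workstation 10.10.0.50 are all assumed values chosen for illustration.

```cisco
! Constructed example: router ACL applied inbound on a user-VLAN SVI.
! Only the admin workstation (assumed 10.10.0.50) may reach the
! management subnet (assumed 10.99.0.0/24), and only for SSH, HTTPS and
! ping. All other traffic into the management subnet is dropped and
! logged; traffic to anywhere else is left alone.
ip access-list extended VLAN10-TO-MGMT
 remark admin workstation to management subnet only
 permit tcp host 10.10.0.50 10.99.0.0 0.0.0.255 eq 22
 permit tcp host 10.10.0.50 10.99.0.0 0.0.0.255 eq 443
 permit icmp host 10.10.0.50 10.99.0.0 0.0.0.255 echo
 remark everyone else is kept out of the management subnet
 deny   ip any 10.99.0.0 0.0.0.255 log
 remark normal inter-VLAN and Internet traffic continues to work
 permit ip any any
!
interface Vlan10
 ip address 10.10.0.1 255.255.255.0
 ip access-group VLAN10-TO-MGMT in
!
! The same ACL (or a copy) goes inbound on every other non-management
! SVI, e.g. interface Vlan20, Vlan30, ... so the management subnet is
! reachable only from the admin workstation.
!
! Constructed example: the vty access-list suggested above. A standard
! ACL on the vty lines decides who may even open a session to the
! switch's own CLI, regardless of which SVI the packet arrived on.
access-list 10 remark management subnet and the admin workstation
access-list 10 permit 10.99.0.0 0.0.0.255
access-list 10 permit host 10.10.0.50
access-list 10 deny   any log
!
line vty 0 15
 access-class 10 in
 transport input ssh
```

Two points worth checking on a 3750 before copying this: entries with the `log` keyword are matched in hardware but the logged packets are handed to the CPU, so keep logging on the deny lines only and watch the CPU if a scan hits them; and `transport input ssh` assumes a crypto-capable image with SSH configured, otherwise restrict telnet with the same `access-class`.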

