04-29-2008 12:26 AM - edited 03-05-2019 10:40 PM
Hi,
How can I restrict others from accessing the management VLAN? Which access-list do I need to mention?
04-29-2008 12:34 AM
Hi
If you are referring to the telnet access to the switches, then I would suggest using the access-list under your vty lines. Just allow the subnet from which you would like to access the devices. You can use a standard ACL for this.
Thanks
Mahmood
04-29-2008 01:05 AM
Hi,
I want to block all traffic from other VLANs while providing limited access to the management VLAN.
04-29-2008 02:07 AM
I'd recommend the 3750 Switch Software Configuration Guide's chapter
on Network Security with ACLs:
VACLs are usually used to control traffic within a VLAN (Host A in
VLAN 10 to Host B in VLAN 10), but can be used to filter on layer 2 or
layer 3. A VACL is applied to all traffic in both directions so
creating access-list logic can be more challenging but VACLs can
provide a high level of security.
Router ACLs are easier to manage for filtering traffic between VLANs
(Host A on VLAN 10 to Host B on VLAN 20). Router ACLs can be applied
in inbound and outbound directions and are very similar to ACLs
applied to interfaces on any Cisco router. In a VLAN environment, you
apply the ACL to switch virtual interfaces (SVIs) or routed interfaces
(no switchport).
Here's an example:
Switch(config)# access-list 110 permit tcp any 128.88.0.0 0.0.255.255 gt 1023
Switch(config)# access-list 110 permit tcp any host 128.88.1.2 eq 25
Switch(config)# access-list 110 permit icmp any any
Switch(config)# interface VLAN 10
Switch(config-if)# ip access-group 110 in
3750 switches handle most ACL filtering in hardware so these switches
can handle a fairly large number of access-list statements with little
impact on performance.
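
The two suggestions in this thread (an ACL on the vty lines and a router ACL on the SVI) combined into one configuration, as an added example that is not part of any poster's reply. The VLAN number, both subnets, the SVI address and the ACL name and number are assumptions constructed for illustration.

```cisco
! Assumed addressing (constructed for this example, not from the thread):
!   management VLAN 99  = 10.0.99.0/24
!   admin workstations  = 10.0.50.0/24
!
! 1. Router ACL: controls what may be routed INTO the management VLAN.
!    Applied outbound on the management SVI, so it sees traffic arriving
!    from every other VLAN regardless of which SVI it entered on.
ip access-list extended MGMT-VLAN-OUT
 remark admin subnet may reach management addresses
 permit ip 10.0.50.0 0.0.0.255 10.0.99.0 0.0.0.255
 remark everything else is dropped by the implicit deny
!
interface Vlan99
 description Management SVI
 ip address 10.0.99.1 255.255.255.0
 ip access-group MGMT-VLAN-OUT out
!
! 2. vty lines: telnet/SSH addressed to the switch itself is not routed
!    out of Vlan99, so the outbound ACL above never evaluates it.
!    Restrict those sessions with a standard ACL on the vty lines.
access-list 10 remark admin subnet allowed to open vty sessions
access-list 10 permit 10.0.50.0 0.0.0.255
!
line vty 0 15
 access-class 10 in
!
! Verify what is applied:
!   show ip interface Vlan99
!   show ip access-lists MGMT-VLAN-OUT
!   show access-lists 10
```

Hosts inside VLAN 99 can still reach each other, because that traffic is switched rather than routed; filtering it is the VACL case described above. Replies from non-admin subnets to connections started inside VLAN 99 are also dropped by this ACL, so widen the permit entries if management hosts need services in other VLANs.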