04-29-2008 12:26 AM - edited 03-05-2019 10:40 PM
Hi,
How can I restrict others from accessing the management VLAN? Which access-list do I need to mention?
04-29-2008 12:34 AM
Hi
If you are referring to telnet access to the switches, then I would suggest using an access-list under your vty lines. Just allow the subnet from which you would like to access the devices. You can use a standard ACL for this.
Thanks
Mahmood
04-29-2008 01:05 AM
Hi,
I want to block all traffic from other VLANs while providing limited access to the management VLAN.
04-29-2008 02:07 AM
I'd recommend the 3750 Switch Software Configuration Guide's chapter
on Network Security with ACLs:
VACLs are usually used to control traffic within a VLAN (Host A in
VLAN 10 to Host B in VLAN 10), but can be used to filter on layer 2 or
layer 3. A VACL is applied to all traffic in both directions so
creating access-list logic can be more challenging, but VACLs can
provide a high level of security.
Router ACLs are easier to manage for filtering traffic between VLANs
(Host A on VLAN 10 to Host B on VLAN 20). Router ACLs can be applied
in inbound and outbound directions and are very similar to ACLs
applied to interfaces on any Cisco router. In a VLAN environment, you
apply the ACL to switch virtual interfaces (SVIs) or routed interfaces
(no switchport).
Here's an example:
Switch(config)# access-list 110 permit tcp any 128.88.0.0 0.0.255.255 gt 1023
Switch(config)# access-list 110 permit tcp any host 128.88.1.2 eq 25
Switch(config)# access-list 110 permit icmp any any
Switch(config)# interface VLAN 10
Switch(config-if)# ip access-group 110 in
3750 switches handle most ACL filtering in hardware so these switches
can handle a fairly large number of access-list statements with little
impact on performance.
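The two suggestions in this thread (a standard ACL on the vty lines, and a router ACL on the management SVI) combined into one configuration, as an added example that is not from any of the posters. The VLAN number, subnets and ACL name are constructed assumptions: VLAN 99 is the management VLAN (10.10.99.0/24) and administrators sit in 10.10.50.0/24.

```cisco
! Constructed addressing, adjust to your own network:
!   VLAN 99 = management VLAN, 10.10.99.0/24
!   Admin workstations     = 10.10.50.0/24
!
! 1) Standard ACL on the vty lines: only the admin subnet may open
!    telnet/SSH sessions to the switch itself.
access-list 10 permit 10.10.50.0 0.0.0.255
access-list 10 deny   any log
!
line vty 0 15
 access-class 10 in
!
! 2) Router ACL applied outbound on the management SVI: filters
!    traffic routed from other VLANs into VLAN 99. Only the admin
!    subnet is allowed in, and only for SSH, telnet and ICMP.
ip access-list extended MGMT-VLAN-OUT
 permit tcp 10.10.50.0 0.0.0.255 10.10.99.0 0.0.0.255 eq 22
 permit tcp 10.10.50.0 0.0.0.255 10.10.99.0 0.0.0.255 eq telnet
 permit icmp 10.10.50.0 0.0.0.255 10.10.99.0 0.0.0.255
 ! Everything else from other VLANs is dropped. This also drops
 ! replies to sessions that management hosts open outward (NTP,
 ! syslog, TACACS+), so add explicit permits for those if needed.
 deny   ip any any
!
interface Vlan99
 ip access-group MGMT-VLAN-OUT out
```

The outbound ACL on the SVI only filters traffic routed into VLAN 99; sessions to the switch's own IP addresses are controlled by the `access-class` on the vty lines. Check the result with `show access-lists` and `show ip interface vlan 99`.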