Collin Clark Tue, 10/07/2008 - 11:38

How about an ACL? Let's assume vlan 2 is 192.168.2.0/24 and vlan 3 is 192.168.3.0/24.


ip access-list extended BLOCK-V2-V3

permit ip any any established

deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip any any


Then apply it to the VLAN interface:


ip access-group BLOCK-V2-V3 out


Certainly double check my work before implementing.


Hope that helps.

acomiskey Tue, 10/07/2008 - 11:54

One small correction. You can only use "tcp" with the established keyword.


permit tcp any any established


You can then apply either way you like.


int vlan 2

ip access-group BLOCK-V2-V3 in


or


int vlan 3

ip access-group BLOCK-V2-V3 out

mahendran.a Wed, 10/08/2008 - 21:36

Hey Collin


Thank you for your reply. I tried to configure this command, but in the permit ip any any established command, the established is not working. Could you suggest what the issue is?



My current version


Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1)

acomiskey Thu, 10/09/2008 - 09:23

See my previous post. You cannot use "ip" with the established command just as you cannot use it for "udp". It must be "tcp".


permit tcp any any established
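
How the corrected ACL treats traffic leaving vlan 2 for vlan 3, as an added example that is not part of the original thread: a small Python model of first-match evaluation, wildcard masks and the "established" keyword, which matches TCP segments that have ACK or RST set. The host addresses and the function names are constructed for illustration.

```python
import ipaddress

# The thread's ACL with the "tcp" correction applied.
# Fields: action, protocol, src, src wildcard, dst, dst wildcard, established.
BLOCK_V2_V3 = [
    ("permit", "tcp", None, None, None, None, True),   # None = "any"
    ("deny", "ip", "192.168.2.0", "0.0.0.255", "192.168.3.0", "0.0.0.255", False),
    ("permit", "ip", None, None, None, None, False),
]

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit'."""
    if base is None:
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, tcp_flags=frozenset()):
    """Return the action of the first matching entry (first match wins)."""
    for action, ace_proto, s, sw, d, dw, established in acl:
        if ace_proto != "ip" and ace_proto != proto:
            continue  # "ip" covers every protocol; "tcp" only TCP
        if established and not (tcp_flags & {"ACK", "RST"}):
            continue  # established is a flag check, not connection tracking
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"  # implicit deny at the end of every ACL

V2, V3 = "192.168.2.10", "192.168.3.20"  # constructed sample hosts

def demo():
    """Packets sourced in vlan 2, as seen 'in' on vlan 2 or 'out' on vlan 3."""
    return {
        "v2 opens TCP to v3 (SYN)": evaluate(BLOCK_V2_V3, "tcp", V2, V3, frozenset({"SYN"})),
        "v2 answers v3 (SYN+ACK)": evaluate(BLOCK_V2_V3, "tcp", V2, V3, frozenset({"SYN", "ACK"})),
        "v2 sends UDP to v3": evaluate(BLOCK_V2_V3, "udp", V2, V3),
        "v2 sends bare ACK to v3": evaluate(BLOCK_V2_V3, "tcp", V2, V3, frozenset({"ACK"})),
        "v2 opens TCP elsewhere": evaluate(BLOCK_V2_V3, "tcp", V2, "10.0.0.5", frozenset({"SYN"})),
    }

if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{action:6}  {case}")
```

The bare-ACK case is permitted because the keyword only inspects TCP flags, and UDP replies from vlan 2 never match it, so vlan 3 hosts get return traffic for TCP sessions only.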
