Problem with access-list permit and deny

Dec 1st, 2008

Dear All,

Please help me to solve the problem below!

I had a Cisco 3560 switch and I did inter-VLAN on this switch. So I created 3 VLANs (VLAN 10, 20 and 30) and configured an access-list on all 3 VLANs.

Let me tell you what I want:

1. On VLAN 10: VLAN 10 can access VLAN 20 and VLAN 30.

2. On VLAN 20: cannot access VLAN 10 and VLAN 30.

3. On VLAN 30: cannot access VLAN 10 and VLAN 20.

With the configuration as above it doesn't work. Could you correct this command?

Best Regards,


Marwan ALshawi Mon, 12/01/2008 - 01:30
The only way you can configure it is by using the established ACL; this way the return traffic from VLAN 10 will be permitted.
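
The behaviour of the `established` keyword mentioned in the reply above, modelled in Python as an added example that is not part of the original thread: it parses a constructed extended ACL for the VLAN 20 interface (inbound) and evaluates packets first-match, as IOS does. The subnets (10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24 for VLAN 10, 20, 30) and the names `VLAN20_IN`, `parse_acl` and `evaluate` are assumptions.

```python
import ipaddress

# Constructed ACL, inbound on the VLAN 20 interface. Subnets are assumed,
# not taken from the thread.
VLAN20_IN = """
permit tcp 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 established
deny ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
deny ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
permit ip any any
"""

def parse_addr(tokens):
    """Consume 'any' or 'address wildcard'; return (base, wildcard) as ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return (0, 0xFFFFFFFF)
    base = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return (base, wild)

def parse_acl(text):
    """Parse 'action proto src dst [established]' lines into ACE tuples."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        src, dst = parse_addr(tokens), parse_addr(tokens)
        aces.append((action, proto, src, dst, "established" in tokens))
    return aces

def matches(addr, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) | wild) == (base | wild)

def evaluate(aces, proto, src, dst, tcp_flags=()):
    """First matching ACE wins; the ACL ends with an implicit deny."""
    for action, ace_proto, s, d, established in aces:
        if ace_proto not in ("ip", proto):
            continue
        if not (matches(src, s) and matches(dst, d)):
            continue
        # 'established' only looks at TCP flags: ACK or RST must be set.
        if established and not ({"ACK", "RST"} & set(tcp_flags)):
            continue
        return action
    return "deny"

ACL = parse_acl(VLAN20_IN)
```

`established` is a stateless check of the ACK/RST flags, so it covers TCP only: ICMP and UDP replies from VLAN 20 to VLAN 10 still hit the deny lines.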

k.cherian Tue, 12/02/2008 - 16:54

Hi David,

On Vlan 10, since we are allowing access to all other Vlans, we would not need any ACLs on that Vlan.

For Vlan 20 and 30, we can configure and apply a standard ACL that will deny any packets with a destination address to either of the other Vlans.

For example on Vlan 20, you will create an ACL with ACEs as follows:

deny ip any

deny ip any

Once done, you can apply this group on to the Vlan interface.

Hope this helps.

-/ KC

ganeshhiyer Tue, 12/02/2008 - 21:47

Hi rechard,

Can you share the configuration of the VACL that you have deployed on the interface of each VLAN?