Problem with access-list permit and deny

Dec 1st, 2008

Dear All,

Please help me to solve the problem below!

I had a Cisco 3560 switch and I did inter-VLAN on this switch. So I created 3 VLANs (Vlan10, 20 and 30) and configured access-lists on all 3 VLANs.

Let me tell you what I want:

1. On Vlan 10: Vlan10 can access Vlan 20 and Vlan 30.

2. On Vlan 20: cannot access Vlan 10 and Vlan 30.

3. On Vlan 30: cannot access Vlan 10 and Vlan 20.

With the configuration as above it doesn't work. Could you correct this command?

Best Regards,

Rechard

Marwan ALshawi Mon, 12/01/2008 - 01:30

The only way you can configure it is by using the established ACL; this way the return traffic from VLAN 10 will be permitted.

k.cherian Tue, 12/02/2008 - 16:54

Hi David,

On Vlan 10, since we are allowing access to all other Vlans, we would not need any ACLs on that Vlan.

For Vlan 20 and 30, we can configure and apply a standard ACL that will deny any packets with a destination address to either of the other Vlans.

For example on Vlan 20, you will create an ACL with ACEs as follows:

deny ip any

deny ip any

Once done, you can apply this group on to the Vlan interface.

Hope this helps.

-/ KC
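The two replies above combined into one configuration, as an added example that is not from any poster in this thread: extended ACLs applied inbound on the Vlan20 and Vlan30 interfaces, using `established` so that replies to sessions opened from Vlan10 still get through. The subnets (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24) and the ACL names are assumptions, since the thread does not show the original addressing.

```cisco
! Constructed addressing (assumption, not from the thread):
!   Vlan10 = 192.168.10.0/24, Vlan20 = 192.168.20.0/24, Vlan30 = 192.168.30.0/24
!
ip access-list extended VLAN20-IN
 remark Replies to TCP sessions opened from Vlan10 (ACK or RST bit set)
 permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
 remark Ping replies to Vlan10; established does not cover ICMP or UDP
 permit icmp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
 remark Anything else from Vlan20 toward Vlan10 or Vlan30 is dropped
 deny ip any 192.168.10.0 0.0.0.255
 deny ip any 192.168.30.0 0.0.0.255
 remark Other destinations stay reachable
 permit ip any any
!
ip access-list extended VLAN30-IN
 remark Same policy for Vlan30
 permit tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 established
 permit icmp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 echo-reply
 deny ip any 192.168.10.0 0.0.0.255
 deny ip any 192.168.20.0 0.0.0.255
 permit ip any any
!
! Inbound on the SVI = traffic arriving from hosts in that VLAN
interface Vlan20
 ip access-group VLAN20-IN in
!
interface Vlan30
 ip access-group VLAN30-IN in
!
! No ACL on interface Vlan10: it may open sessions to both other VLANs.
```

`established` is a stateless check of the TCP flags, not connection tracking, so UDP services that Vlan10 uses in the other VLANs need their own explicit permit lines for the reply direction. `show ip access-lists VLAN20-IN` lists the entries so the order of the permit and deny lines can be confirmed.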

ganeshhiyer Tue, 12/02/2008 - 21:47

Hi rechard,

Can you share the configuration of the VACL that you have deployed on the interface of each VLAN?

Ganesh.H
