12-01-2008 01:04 AM - edited 03-06-2019 02:44 AM
Dear All,
Please help me to solve the problem below!
I have a Cisco 3560 switch and I did inter-VLAN routing on this switch. I created 3 VLANs (VLAN 10, 20 and 30) and configured an access list on all 3 VLANs.
Let me tell you what I want:
1. On VLAN 10: VLAN 10 can access VLAN 20 and VLAN 30.
2. On VLAN 20: cannot access VLAN 10 and VLAN 30.
3. On VLAN 30: cannot access VLAN 10 and VLAN 20.
With the configuration as above it doesn't work. Could you correct this command?
Best Regards,
Rechard
12-01-2008 01:30 AM
The only way you can configure it is by using the established ACL; this way the return traffic from VLAN 10 will be permitted.
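An added example, not part of the original thread: a small Python model of first-match ACL evaluation showing how an `established` entry on the VLAN 20 interface lets replies back to VLAN 10 while blocking new connections. The subnets, the `ACL_VLAN20_IN` name and the IOS lines in the comment are assumptions, since the thread gives no addressing or configuration.

```python
from ipaddress import ip_address, ip_network

# Assumed subnets; the thread does not give the real addressing.
VLAN10, VLAN20, VLAN30 = (ip_network(f"10.0.{v}.0/24") for v in (10, 20, 30))
ANY = ip_network("0.0.0.0/0")

# Model of an extended ACL applied inbound on the VLAN 20 SVI.
# Assumed IOS equivalent (sketch, not a configuration from the thread):
#   permit tcp 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 established
#   deny   ip  10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
#   deny   ip  10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
#   permit ip  any any
# Each entry: (action, protocol, source, destination, established)
ACL_VLAN20_IN = [
    ("permit", "tcp", VLAN20, VLAN10, True),
    ("deny", "ip", VLAN20, VLAN10, False),
    ("deny", "ip", VLAN20, VLAN30, False),
    ("permit", "ip", ANY, ANY, False),
]


def evaluate(acl, proto, src, dst, tcp_flags=frozenset()):
    """Return the action of the first matching entry; implicit deny at the end."""
    for action, ace_proto, ace_src, ace_dst, established in acl:
        if ace_proto not in ("ip", proto):
            continue
        if ip_address(src) not in ace_src or ip_address(dst) not in ace_dst:
            continue
        # 'established' matches only TCP segments with ACK or RST set.
        if established and not (set(tcp_flags) & {"ACK", "RST"}):
            continue
        return action
    return "deny"


def demo():
    """Constructed packets leaving a VLAN 20 host (10.0.20.5)."""
    h10, h20, h30 = "10.0.10.5", "10.0.20.5", "10.0.30.5"
    return {
        "reply to session opened from VLAN 10": evaluate(ACL_VLAN20_IN, "tcp", h20, h10, {"SYN", "ACK"}),
        "new TCP session to VLAN 10": evaluate(ACL_VLAN20_IN, "tcp", h20, h10, {"SYN"}),
        "UDP reply to VLAN 10": evaluate(ACL_VLAN20_IN, "udp", h20, h10),
        "ICMP to VLAN 30": evaluate(ACL_VLAN20_IN, "icmp", h20, h30),
        "TCP to another network": evaluate(ACL_VLAN20_IN, "tcp", h20, "192.0.2.10", {"SYN"}),
    }


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{action:6} {name}")
```

The match is on TCP flags only, not on connection state, and UDP or ICMP replies from VLAN 20 to VLAN 10 are still dropped, so ping and UDP-based services initiated from VLAN 10 need their own entries.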
12-02-2008 04:54 PM
Hi David,
On Vlan 10, since we are allowing access to all other Vlans, we would not need any ACLs on that Vlan.
For Vlan 20 and 30, we can configure and apply a standard ACL that will deny any packets with a destination address to either of the other Vlans.
For example on Vlan 20, you will create an ACL with ACEs as follows:
deny ip any
deny ip any
Once done, you can apply this group on to the Vlan interface.
Hope this helps.
-/ KC
12-02-2008 09:47 PM
Hi Rechard,
Can you share the configuration of the VACL that you have deployed on the interface of each VLAN?
Ganesh.H