
Problem with access-list permit and deny

rechard_david
Level 1

Dear All,

Please help me to solve the problem below!!!

I have a Cisco 3560 switch and I set up inter-VLAN routing on this switch. I created 3 VLANs (Vlan10, 20 and 30) and configured access-lists on all 3 VLANs.

Let me tell you what I want:

1. On Vlan 10: Vlan 10 can access Vlan 20 and Vlan 30.

2. On Vlan 20: cannot access Vlan 10 and Vlan 30.

3. On Vlan 30: cannot access Vlan 10 and Vlan 20.

With the configuration as above, it doesn't work. Could you correct this command?

Best Regards,

Rechard

3 Replies

Marwan ALshawi
VIP Alumni

The only way you can configure it is by using the established ACL; this way the return traffic from Vlan 10 will be permitted.

k.cherian
Level 1

Hi David,

On Vlan 10, since we are allowing access to all other Vlans, we would not need any ACLs on that Vlan.

For Vlan 20 and 30, we can configure and apply a standard ACL that will deny any packets with a destination address to either of the other Vlans.

For example on Vlan 20, you will create an ACL with ACEs as follows:

deny ip any

deny ip any

Once done, you can apply this group on to the Vlan interface.

Hope this helps.

-/ KC
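
The approach from the two replies above, combined into one IOS configuration. This is an added example, not a configuration posted by anyone in the thread; it uses extended ACLs because matching on a destination address requires one. The subnets, the ACL names and the final `permit ip any any` are assumptions, since the thread gives no addressing.

```cisco
! Assumed addressing (constructed, not from the thread):
!   VLAN 10 = 10.0.10.0/24, VLAN 20 = 10.0.20.0/24, VLAN 30 = 10.0.30.0/24
!
ip access-list extended VLAN20-IN
 remark Replies to TCP sessions opened from VLAN 10 (ACK or RST set)
 permit tcp 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255 established
 remark VLAN 20 may not initiate traffic toward VLAN 10 or VLAN 30
 deny   ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny   ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
 remark Assumption: all other destinations stay reachable
 permit ip any any
!
ip access-list extended VLAN30-IN
 remark Replies to TCP sessions opened from VLAN 10 (ACK or RST set)
 permit tcp 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255 established
 remark VLAN 30 may not initiate traffic toward VLAN 10 or VLAN 20
 deny   ip 10.0.30.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny   ip 10.0.30.0 0.0.0.255 10.0.20.0 0.0.0.255
 remark Assumption: all other destinations stay reachable
 permit ip any any
!
! Applied inbound on the SVI, so each ACL filters traffic sourced in that VLAN.
interface Vlan20
 ip access-group VLAN20-IN in
!
interface Vlan30
 ip access-group VLAN30-IN in
!
! No ACL on interface Vlan10: it may reach both other VLANs.
```

The `established` keyword matches TCP only, so ping and UDP replies from VLAN 20 or 30 back to VLAN 10 still hit the `deny` lines. It is also a stateless check on the ACK/RST bits, not connection tracking; `show access-lists` shows the per-entry hit counters for verifying which line a flow matched.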

ganeshhiyer
Level 1

Hi rechard,

Can you share the configuration of the VACL that you have deployed on the interface of each VLAN?

Ganesh.H
