VLAN Access-List

Jon Marshall Thu, 10/15/2009 - 10:55
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Neo


VLAN A = 192.168.5.0/24
VLAN B = 192.168.6.0/24
VLAN C = 192.168.7.0/24

VLAN A
======

access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any

int vlan A
ip access-group 101 in

VLAN B
======

access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any

int vlan B
ip access-group 102 in

VLAN C
======

access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any

int vlan C
ip access-group 103 in

Jon

CoetzerJ Thu, 10/15/2009 - 11:04

If you are using DHCP on those VLANs, you need to make sure that you allow the following as well in the access-list, else your clients will not be able to get IP addresses.


access-list xxx permit udp 0.0.0.0 0.0.0.0 eq bootps

Jon Marshall Thu, 10/15/2009 - 11:08
edited.

Jon Marshall Thu, 10/15/2009 - 11:13
Jacques


Apologies, I see what you mean; I have edited the original post.


Jon

Jon Marshall Fri, 10/16/2009 - 01:42
Neo


The way to achieve filtering between VLANs is to use the example provided. However, if you have to do it from global config mode, you are probably referring to a VLAN access-map:


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swacl.html#wp1087276


These are most commonly used to filter traffic within the same VLAN and not between VLANs, though.


Jon
