10-15-2009 10:43 AM - edited 03-06-2019 08:08 AM
Hi ,
I need to apply access list in global mode.I want that user VLAN_A, VLAN_B and VLAN_C shouldnt be able to communicate with each other but these vlans should be able to communicate with VLAN_SERVER and VLAN_IT.
how do i do configuration,i am lil confused.
regards
Neo
10-15-2009 10:55 AM
Neo
VLAN A = 192.168.5.0/24
VLAN B = 192.168.6.0/24
VLAN C = 192.168.7.0/24
VLAN A
======
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
int vlan A
ip access-group 101 in
VLAN B
======
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any
int vlan B
ip access-group 102 in
VLAN C
======
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any
int vlan C
ip access-group 103 in
Jon
10-15-2009 11:04 AM
If you are using DHCP on those VLANs you need to make sure that you allow the following as well in the access-list else your clients will not be able to get IP addresses.
access-list xxx permit udp 0.0.0.0 0.0.0.0 eq bootps
10-15-2009 11:08 AM
edited.
10-15-2009 11:13 AM
Jacques
Apologies i see what you mean, i have edited original post.
Jon
10-15-2009 11:35 PM
Hi All,
I need to configure only in global mode only not in interface mode.
regards
Neo
10-16-2009 01:36 AM
please help
regards
Neo
10-16-2009 01:42 AM
Neo
The way to achieve filtering between vlans is to use the example provided. However if you have to do it from global config mode you are probably referring to a vlan access-map -
these are most commonly used to filter traffic within the same vlan and not between vlans though.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: