VLAN Access-List

cisco
Level 1

Hi ,

I need to apply an access list in global mode. I want user VLAN_A, VLAN_B and VLAN_C not to be able to communicate with each other, but these VLANs should be able to communicate with VLAN_SERVER and VLAN_IT.

How do I do the configuration? I am a little confused.

regards

Neo

7 Replies

Jon Marshall
Hall of Fame

Neo

VLAN A = 192.168.5.0/24
VLAN B = 192.168.6.0/24
VLAN C = 192.168.7.0/24

VLAN A
======
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
int vlan A
ip access-group 101 in

VLAN B
======
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any
int vlan B
ip access-group 102 in

VLAN C
======
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any
int vlan C
ip access-group 103 in

Jon

If you are using DHCP on those VLANs, you need to make sure that you allow the following as well in the access-list, else your clients will not be able to get IP addresses.

access-list xxx permit udp 0.0.0.0 0.0.0.0 any eq bootps

edited.

Jacques

Apologies, I see what you mean; I have edited the original post.

Jon
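To sanity-check ACLs like Jon's before applying them, here is an added Python model (not from the thread or from Cisco) of IOS first-match evaluation with wildcard masks, run over Jon's ACL 101 and over a constructed whitelist-style variant that shows why Jacques' DHCP entry matters once there is no trailing permit ip any any. The server and IT subnets (192.168.10.0/24, 192.168.11.0/24) and the host addresses are assumptions, since the thread does not give them.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, proto, src, dst, dst_port=None):
    """First-match evaluation of an IOS extended ACL; no match = implicit deny."""
    for action, aproto, sb, sw, db, dw, dport in acl:
        if aproto != "ip" and aproto != proto:   # 'ip' entries match any protocol
            continue
        if not (wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)):
            continue
        if dport is not None and dport != dst_port:
            continue
        return action
    return "deny"   # the implicit deny at the end of every IOS ACL

ANY = ("0.0.0.0", "255.255.255.255")
# Jon's ACL 101 for VLAN A as (action, proto, src, src-wildcard, dst, dst-wildcard, dst-port).
ACL_101 = [
    ("deny",   "ip", "192.168.5.0", "0.0.0.255", "192.168.6.0", "0.0.0.255", None),
    ("deny",   "ip", "192.168.5.0", "0.0.0.255", "192.168.7.0", "0.0.0.255", None),
    ("permit", "ip", *ANY, *ANY, None),
]
# Constructed whitelist-style variant: only the (assumed) server and IT subnets are
# permitted; everything else, DHCP included, falls through to the implicit deny.
ACL_STRICT = [
    ("permit", "ip", "192.168.5.0", "0.0.0.255", "192.168.10.0", "0.0.0.255", None),
    ("permit", "ip", "192.168.5.0", "0.0.0.255", "192.168.11.0", "0.0.0.255", None),
]
# Jacques' DHCP entry: a client with no address yet, sending to the bootps port (67).
DHCP_ENTRY = ("permit", "udp", "0.0.0.0", "0.0.0.0", *ANY, 67)

def check_policy(acl):
    """Verdicts for the flows the thread cares about (host addresses are constructed)."""
    return {
        "A->B":      evaluate(acl, "tcp", "192.168.5.10", "192.168.6.10", 445),
        "A->C":      evaluate(acl, "tcp", "192.168.5.10", "192.168.7.10", 445),
        "A->SERVER": evaluate(acl, "tcp", "192.168.5.10", "192.168.10.5", 443),
        "A->IT":     evaluate(acl, "tcp", "192.168.5.10", "192.168.11.5", 22),
        "DHCP":      evaluate(acl, "udp", "0.0.0.0", "255.255.255.255", 67),
    }

if __name__ == "__main__":
    for name, acl in (("ACL 101", ACL_101), ("strict", ACL_STRICT),
                      ("strict + DHCP entry", [DHCP_ENTRY] + ACL_STRICT)):
        print(name, check_policy(acl))
```

Entry order matters: the DHCP entry has to sit before any deny that would otherwise swallow the broadcast, which is why it is prepended here.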

Hi All,

I need to configure it in global mode only, not in interface mode.

regards

Neo

Please help.

regards

Neo

Neo

The way to achieve filtering between VLANs is to use the example provided. However, if you have to do it from global config mode, you are probably referring to a VLAN access-map:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swacl.html#wp1087276

These are most commonly used to filter traffic within the same VLAN and not between VLANs, though.

Jon
