04-13-2010 06:42 AM - edited 03-04-2019 08:08 AM
Hello,
Please comment on the config below: is it correct for the GUEST VLAN?
I need to block communication between the user/server VLANs and the Guest VLAN.
Is the ACL correct? Any other recommendations for security and routing?
On 4506
! SVIs, one per VLAN
interface Vlan2
 description "User VLAN"
 ip address 10.10.10.1 255.255.255.0
interface Vlan3
 description "Server VLAN"
 ip address 192.168.1.1 255.255.255.0
interface Vlan4
 description "User Voice"
 ip address 192.168.10.1 255.255.255.0
interface Vlan5
 description "GUEST"
 ip address 172.16.1.1 255.255.255.0
 ip access-group DENY out
 ip access-group DENY in
!
! Guest subnet 172.16.1.0/24 is not advertised into OSPF
router ospf 1
 network 10.10.10.1 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
 network 192.168.10.0 0.0.0.255 area 0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 172.16.1.0 255.255.255.0 172.16.1.2
!
! Block guest-sourced traffic to the voice, server and user subnets; permit the rest
ip access-list extended DENY
 deny ip 172.16.1.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255
 permit ip any any
04-13-2010 07:33 AM
melwin.uk wrote:
Melwin
You only need to apply this ACL inbound on the vlan 5 interface and not outbound, i.e.
int vlan 5
 ip access-group DENY in
But apart from that your ACL is fine.
Jon
Please rate helpful posts
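Added example, not part of the original thread: a small Python model of IOS first-match ACL evaluation, run over the posted DENY list, comparing the binding with `in` only against the binding with both `in` and `out` on Vlan5. The sample host addresses and the helper names (`wildcard_match`, `evaluate`, `svi_for`, `routed`) are constructed for illustration, and the model considers only source/destination matching on routed packets.

```python
import ipaddress

# ACL "DENY" from the post: (action, src, src_wildcard, dst, dst_wildcard)
ACL_DENY = [
    ("deny", "172.16.1.0", "0.0.0.255", "192.168.10.0", "0.0.0.255"),
    ("deny", "172.16.1.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
    ("deny", "172.16.1.0", "0.0.0.255", "10.10.10.0", "0.0.0.255"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]
# SVI subnets from the post
SVI = {"Vlan2": "10.10.10.0/24", "Vlan3": "192.168.1.0/24",
       "Vlan4": "192.168.10.0/24", "Vlan5": "172.16.1.0/24"}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; compare only the 0 bits."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for index, (action, s, sw, d, dw) in enumerate(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action, index
    return "deny", None

def svi_for(addr):
    """Name of the SVI whose subnet holds addr, or None if it is off-box."""
    ip = ipaddress.IPv4Address(addr)
    for name, net in SVI.items():
        if ip in ipaddress.ip_network(net):
            return name
    return None

def routed(src, dst, bindings):
    """bindings maps (svi, direction) to an ACL. True if the packet is forwarded."""
    for key in ((svi_for(src), "in"), (svi_for(dst), "out")):
        acl = bindings.get(key)
        if acl is not None and evaluate(acl, src, dst)[0] == "deny":
            return False
    return True

IN_ONLY = {("Vlan5", "in"): ACL_DENY}
IN_AND_OUT = {("Vlan5", "in"): ACL_DENY, ("Vlan5", "out"): ACL_DENY}

# Constructed sample hosts: guest, user, server, voice, internet
HOSTS = ["172.16.1.50", "10.10.10.20", "192.168.1.10", "192.168.10.30", "8.8.8.8"]
FLOWS = [(s, d) for s in HOSTS for d in HOSTS if s != d]
```

In this model a packet from 10.10.10.20 to 172.16.1.50 is still forwarded under both bindings, because every deny line keys on a guest source address; what the ACL drops is the guest's side of the conversation, inbound on Vlan5.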