
Guest VLAN - Access

melwin.uk
Level 1

Hello,

Please comment on whether the config below is correct for the GUEST VLAN.
I need to block communication between the user/server VLANs and the Guest VLAN.
Is the ACL correct? Any other recommendations for security and routing?


On 4506

vlan 2
description "User VLAN"
IP address 10.10.10.1 255.255.255.0

vlan 3
description "Server VLAN"
IP address 192.168.1.1 255.255.255.0

vlan 4
description "User Voice"
IP address 192.168.10.1 255.255.255.0

vlan 5
description "GUEST"
IP address 172.16.1.1 255.255.255.0
ip access-group DENY out
ip access-group DENY in

router ospf 1
network 10.10.10.1 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0

ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 172.16.1.0 255.255.255.0 172.16.1.2

ip access-list extended DENY
deny   ip 172.16.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
deny   ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any

Accepted Solutions

Jon Marshall
Hall of Fame

melwin.uk wrote:


Melwin

You only need to apply this ACL inbound on the vlan 5 interface and not outbound, i.e.

int vlan 5

ip access-group DENY in

But apart from that your acl is fine.

Jon

Please rate helpful posts
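
The first-match logic behind the answer above, as an added example that is not part of the original thread: it evaluates the DENY ACL from the question against a few constructed sample hosts and shows that the outbound copy never matches a deny entry for non-guest sources. The `svi5_verdict` helper and the host addresses are assumptions made for illustration; only wildcard matching and first-match order are modelled.

```python
import ipaddress

# DENY ACL from the question: (action, src, src_wildcard, dst, dst_wildcard)
DENY = [
    ("deny", "172.16.1.0", "0.0.0.255", "192.168.10.0", "0.0.0.255"),
    ("deny", "172.16.1.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
    ("deny", "172.16.1.0", "0.0.0.255", "10.10.10.0", "0.0.0.255"),
    ("permit", "any", None, "any", None),
]
GUEST_NET = ipaddress.ip_network("172.16.1.0/24")

def _match(addr, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard mask are ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src, dst):
    """Return (action, entry number) of the first matching entry; implicit deny at the end."""
    for n, (action, s, sw, d, dw) in enumerate(acl, 1):
        if _match(src, s, sw) and _match(dst, d, dw):
            return action, n
    return "deny", None

def svi5_verdict(src, dst, directions=("in",)):
    """Hypothetical model of routed traffic through interface vlan 5:
    'in' sees packets sourced from the guest subnet, 'out' sees packets routed toward it."""
    from_guest = ipaddress.ip_address(src) in GUEST_NET
    to_guest = ipaddress.ip_address(dst) in GUEST_NET
    if "in" in directions and from_guest and evaluate(DENY, src, dst)[0] == "deny":
        return "dropped inbound"
    if "out" in directions and to_guest and evaluate(DENY, src, dst)[0] == "deny":
        return "dropped outbound"
    return "forwarded"

if __name__ == "__main__":
    # Constructed sample flows (hosts are illustrative, not from the thread).
    flows = [
        ("172.16.1.50", "192.168.1.10"),   # guest -> server
        ("172.16.1.50", "203.0.113.10"),   # guest -> outside
        ("10.10.10.20", "172.16.1.50"),    # user -> guest (only 'out' sees it)
        ("172.16.1.50", "10.10.10.20"),    # guest reply to the user above
    ]
    for src, dst in flows:
        print(src, "->", dst, ":", svi5_verdict(src, dst, ("in", "out")))
```

The ACL is stateless, so a guest's reply to a user-initiated packet is dropped inbound by the same entry that blocks guest-initiated traffic.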
