04-13-2010 06:42 AM - edited 03-04-2019 08:08 AM
Hello,
Please comment for the mentioned config is it correct for GUEST VLAN.
I need to block communication between user/server VLAN to Guest VLAN
Are the Acl correct ; any other recommendation for security and routing
On 4506
vlan 2
description "User VLAN"
IP address 10.10.10.1 255.255.255.0
vlan 3
description "Server VLAN"
IP address 192.168.1.1 255.255.255.0
vlan 4
description "User Voice"
IP address 192.168.10.1 255.255.255.0
vlan 5
description "GUEST"
IP address 172.16.1.1 255.255.255.0
ip access-group DENY out
ip access-group DENY in
router ospf 1
network 10.10.10.1 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0
ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 172.16.1.0 255.255.255.0 172.16.1.2
ip access-list extended DENY
deny ip 172.16.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip 172.16.1.0 0.0.0.255 10.10.10.0 0 0.0.0.255
permit ip any any
Solved! Go to Solution.
04-13-2010 07:33 AM
melwin.uk wrote:
Melwin
You only need to apply this acl inbound on the vlan 5 interface and not outbound ie.
int vlan 5
ip access-group DENY in
But apart from that your acl is fine.
Jon
Please rate helpful posts
04-13-2010 07:33 AM
melwin.uk wrote:
Melwin
You only need to apply this acl inbound on the vlan 5 interface and not outbound ie.
int vlan 5
ip access-group DENY in
But apart from that your acl is fine.
Jon
Please rate helpful posts
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: