VACL

Answered Question
Jun 15th, 2010

Hi all,

I need to block communication between VLANs in one 3750 switch. I tried using an access-list, but it is not working.

I have 2 VLANs, 23 (172.16.23.0/24) and 24 (172.16.24.0/24), and I want to block all communication between these VLANs.

Can anyone help to configure a VACL between these 2 VLANs?

Regards

Amar

Correct Answer
Jon Marshall Tue, 06/15/2010 - 12:32


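You don't use VACLs for this.

! ACL 101: deny VLAN 23 -> VLAN 24, permit everything else sourced from VLAN 23
access-list 101 deny ip 172.16.23.0 0.0.0.255 172.16.24.0 0.0.0.255
access-list 101 permit ip 172.16.23.0 0.0.0.255 any

! ACL 102: deny VLAN 24 -> VLAN 23, permit everything else sourced from VLAN 24
access-list 102 deny ip 172.16.24.0 0.0.0.255 172.16.23.0 0.0.0.255
access-list 102 permit ip 172.16.24.0 0.0.0.255 any

! Apply each ACL inbound on its own SVI
int vlan 23
 ip access-group 101 in

int vlan 24
 ip access-group 102 in

Jon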
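To check what ACLs 101 and 102 from the answer above do with a given packet, here is an added example (not part of the original posts) that parses those entries and applies Cisco's first-match, wildcard-mask and implicit-deny rules. It handles only `ip` entries with `any`, `host` or address/wildcard specs; the function names and the sample packet addresses are this example's own.

```python
import ipaddress

# ACLs 101 and 102 exactly as posted in the answer above.
CONFIG = """
access-list 101 deny ip 172.16.23.0 0.0.0.255 172.16.24.0 0.0.0.255
access-list 101 permit ip 172.16.23.0 0.0.0.255 any
access-list 102 deny ip 172.16.24.0 0.0.0.255 172.16.23.0 0.0.0.255
access-list 102 permit ip 172.16.24.0 0.0.0.255 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def take_spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(tok), to_int(tokens.pop(0))

def parse(config):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [rules]}."""
    acls = {}
    for line in config.strip().splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[3] != "ip":
            raise ValueError("unsupported line: " + line)
        rest = tok[4:]
        src, dst = take_spec(rest), take_spec(rest)
        acls.setdefault(int(tok[1]), []).append((tok[2], src, dst))
    return acls

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = this bit must match
    return (to_int(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, src_spec, dst_spec in rules:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

ACLS = parse(CONFIG)

if __name__ == "__main__":  # constructed packet: VLAN 23 host to VLAN 24 host
    print(evaluate(ACLS[101], "172.16.23.10", "172.16.24.20"))
```

A packet arriving on an SVI with a source address outside that VLAN's subnet matches neither entry and is dropped by the implicit deny, because the permit lines are scoped to the VLAN's own /24.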

Ganesh Hariharan Wed, 06/16/2010 - 07:36


Hi Amar,


As Jon has provided the solution, just check out the link below for a basic understanding of ACL implementation on routers:


http://www.sans.org/reading_room/whitepapers/networkdevs/easy-steps-cisco-extended-access-list_231


Hope this helps!


Ganesh.H


Remember to rate the helpful post
