Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
2
Replies

VACL

Go to solution
amardram123
Level 1
Level 1

‎06-15-2010 10:42 AM - edited ‎03-06-2019 11:35 AM

Hi all,

i need to block communication between vlans in one 3750 switch, i tried using access-list but not working.

i have 2 vlans 23(172.16.23.0/24) and 24(172.16.24.0/24), and i want to block all communication between these vlans.

can any1 help to config vacl between these 2 vlans.

Regards

Amar

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-15-2010 12:32 PM 

amardram123 wrote:
Hi all,
i need to block communication between vlans in one 3750 switch, i tried using access-list but not working.
i have 2 vlans 23(172.16.23.0/24) and 24(172.16.24.0/24), and i want to block all communication between these vlans.
can any1 help to config vacl between these 2 vlans.
Regards
Amar

You don't use vacl's for this.

access-list 101 deny ip 172.16.23.0 0.0.0.255 172.16.24.0 0.0.0.255

access-list 101 permit ip 172.16.23.0 0.0.0.255 any

access-list 102 deny ip 172.16.24.0 0.0.0.255 172.16.23.0 0.0.0.255

access-list 102 permit ip 172.16.24.0 0.0.0.255 any

int vlan 23

ip access-group 101 in

int vlan 24

ip access-group 102 in

Jon

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎06-15-2010 12:32 PM 

amardram123 wrote:
Hi all,
i need to block communication between vlans in one 3750 switch, i tried using access-list but not working.
i have 2 vlans 23(172.16.23.0/24) and 24(172.16.24.0/24), and i want to block all communication between these vlans.
can any1 help to config vacl between these 2 vlans.
Regards
Amar

You don't use vacl's for this.

access-list 101 deny ip 172.16.23.0 0.0.0.255 172.16.24.0 0.0.0.255

access-list 101 permit ip 172.16.23.0 0.0.0.255 any

access-list 102 deny ip 172.16.24.0 0.0.0.255 172.16.23.0 0.0.0.255

access-list 102 permit ip 172.16.24.0 0.0.0.255 any

int vlan 23

ip access-group 101 in

int vlan 24

ip access-group 102 in

Jon

0 Helpful

Go to solution
Ganesh Hariharan
VIP Alumni
VIP Alumni

‎06-16-2010 07:36 AM 

Hi all,
i need to block communication between vlans in one 3750 switch, i tried using access-list but not working.
i have 2 vlans 23(172.16.23.0/24) and 24(172.16.24.0/24), and i want to block all communication between these vlans.
can any1 help to config vacl between these 2 vlans.
Regards
Amar

Hi Amar,

A Jon has provided the solution just check out the below link for basic understanding of acl implementation on routers

http://www.sans.org/reading_room/whitepapers/networkdevs/easy-steps-cisco-extended-access-list_231

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card