General acl

Unanswered Question
Nov 11th, 2013
Hi,

I created 3 VLANs on the router. It is working well right now.

I have a question: how do I set up an access list so that:

1. VLAN 300 can't see VLAN 200 but can see VLAN 100?

Below is my config:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 200
 ip address 172.27.100.254 255.255.0.0
 ip access-group sdm_fastethernet0/1.2_in in
 no snmp trap link-status
!
interface FastEthernet0/1.2
 description $ETH-LAN$
 encapsulation dot1Q 100 native
 ip address 172.7.100.254 255.255.0.0
 no snmp trap link-status
!
interface FastEthernet0/1.3
 description VLAN for Naraya
 encapsulation dot1Q 300
 ip address 172.47.100.254 255.255.0.0
 no snmp trap link-status
!
interface Serial0/1/0
 bandwidth 128
 ip address 172.16.1.2 255.255.255.0
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.27.17.100
ip route 172.5.0.0 255.255.0.0 172.16.1.1
!
ip access-list extended sdm_fastethernet0/1.1_in
 ---> what should i put here
ip access-list extended sdm_fastethernet0/1.2_in
 ---> what should i put here
ip access-list extended sdm_fastethernet0/1.3_in
 ---> what should i put here

ismailfayaz Mon, 11/11/2013 - 06:01
deny ip 172.47.0.0 0.0.255.255 any
permit ip any any

Apply to VLAN 200 in the outgoing direction.



Sent from Cisco Technical Support iPhone App

cadet alain Mon, 11/11/2013 - 10:09
Hi,


ip access-list extended no-vlan200
 deny ip 172.47.100.0 0.0.0.255 172.27.100.0 0.0.0.255
 permit ip 172.47.100.0 0.0.0.255 any

int f0/1.3
 ip access-group no-vlan200 in


Regards


Alain




Don't forget to rate helpful posts.
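
Added example, not part of any post in this thread: a small first-match evaluator for extended `ip` ACL entries, so a candidate ACL for the VLAN 300 subinterface can be checked against sample flows before it is applied. It uses the /16 subnets from the posted config; the ACL text and the test addresses are constructed, and it shows how the wildcard width and the implicit deny change the result.

```python
import ipaddress

# Constructed ACLs for VLAN 300 (172.47.0.0/16), applied inbound on Fa0/1.3.
WIDE = """
deny ip 172.47.0.0 0.0.255.255 172.27.0.0 0.0.255.255
permit ip 172.47.0.0 0.0.255.255 any
"""
# Same entries with a /24-sized wildcard, to show what falls outside it.
NARROW = """
deny ip 172.47.100.0 0.0.0.255 172.27.100.0 0.0.0.255
permit ip 172.47.100.0 0.0.0.255 any
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Pop one address spec ('any', 'host A' or 'A WILDCARD') -> (base, wildcard)."""
    if tokens[0] == "any":
        del tokens[0]
        return 0, 0xFFFFFFFF
    if tokens[0] == "host":
        base, wild = _ip(tokens[1]), 0
    else:
        base, wild = _ip(tokens[0]), _ip(tokens[1])
    del tokens[:2]
    return base, wild

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        action, proto, *rest = line.split()
        if action not in ("permit", "deny") or proto != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        # Tuple items are evaluated left to right: source spec, then destination.
        rules.append((action, _spec(rest), _spec(rest)))
    return rules

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are ignored; only the 0 bits must be equal.
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_spec, d_spec in rules:
        if _match(_ip(src), s_spec) and _match(_ip(dst), d_spec):
            return action
    return "deny"
```

With `NARROW`, a VLAN 300 host outside 172.47.100.0/24 matches no entry and is dropped by the implicit deny, while a host inside it can still reach VLAN 200 addresses outside 172.27.100.0/24.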
