New Member

3560 VLAN access-list

I know that VLAN maps are not bidirectional. Is there any other way to do a bidirectional access-list between VLANs?

The goal scenario:

Host A on VLAN 2, host B on VLAN 3. Host A should be able to open a port on host B, but host B should not be able to open a port on host A.

Can anyone help?

3 REPLIES
New Member

Re: 3560 VLAN access-list

Hi,

If there is a routing device between the 2 VLANs, then I think you can use ip access-lists to filter the traffic between the 2 VLANs.

HTH

Mark

New Member

Re: 3560 VLAN access-list

Hi Mark,

Thanks for your reply.

The routing device is the 3560 itself. I enabled ip routing, and the VLAN interfaces are directly connected because they are on the same device. I tried to apply an ip access-list to the VLAN interface, but it didn't seem to work.

New Member

Re: 3560 VLAN access-list

rp,

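in config:

! "host a" and "host b" stand for the hosts' IP addresses
access-list 101 deny tcp host b host a
access-list 101 permit ip any any
!
! filter traffic entering the switch from VLAN 3
interface vlan 3
 ip access-group 101 in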

There are lots of other ways. This is just an example.

Roger
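
Added example, not part of the original thread: a small Python model of first-match ACL evaluation for packets entering interface vlan 3, comparing ACL 101 as posted with a variant that puts an `established` entry in front of it. The addresses and the names `Packet`, `Ace`, `evaluate` and `report` are assumptions made for the illustration; the model covers only host/any matching and the `established` keyword.

```python
from dataclasses import dataclass

A, B = "10.0.2.10", "10.0.3.10"   # constructed addresses: host A (VLAN 2), host B (VLAN 3)

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp", "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: str                        # host address or "any"
    dst: str
    established: bool = False       # IOS keyword: TCP segment with ACK or RST set

    def matches(self, p):
        if self.proto not in ("ip", p.proto):
            return False
        if self.src not in ("any", p.src) or self.dst not in ("any", p.dst):
            return False
        return not self.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    """First matching entry wins; every ACL ends with an implicit deny."""
    return next((e.action for e in acl if e.matches(p)), "deny")

# ACL 101 as posted, applied inbound on interface vlan 3.
POSTED = [Ace("deny", "tcp", B, A), Ace("permit", "ip", "any", "any")]
# Same ACL with one entry placed first:
#   access-list 101 permit tcp host b host a established
ONE_WAY = [Ace("permit", "tcp", B, A, established=True)] + POSTED

# Constructed packets entering the switch from VLAN 3 (sent by host B).
SYN_ACK_REPLY = Packet("tcp", B, A, frozenset({"SYN", "ACK"}))  # B answering A
NEW_SYN = Packet("tcp", B, A, frozenset({"SYN"}))               # B opening to A

def report(acl):
    return {"reply_to_A": evaluate(acl, SYN_ACK_REPLY),
            "new_from_B": evaluate(acl, NEW_SYN)}

if __name__ == "__main__":
    print("posted :", report(POSTED))
    print("one-way:", report(ONE_WAY))
```

`established` is a stateless match on TCP flags, not connection tracking, and both ACLs still permit non-TCP traffic from host B to host A through the final `permit ip any any`.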
