Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2298
Views
0
Helpful
3
Replies

3560 VLAN access-list

rpratikno
Level 1
Level 1

‎01-03-2007 04:31 PM - edited ‎03-05-2019 01:34 PM

I know that VLAN maps have no bidirection. Is there any other way to do bidirection access-list between VLAN?

The goal scenario:

Host A on VLAN 2, host B on VLAN 3. Host A should be able to open port on host B, but host B should not be able to open port on host A.

Anyone can help?

Labels:
0 Helpful
3 Replies 3

d-mark
Level 1
Level 1

‎01-03-2007 11:19 PM

Hi,

if there is a routing device between the 2 VLANs, then I think you can use ip access-lists to filter the traffic beetwen the 2 VLANs

HTH

Mark

0 Helpful

rpratikno
Level 1
Level 1
In response to d-mark

‎01-05-2007 01:27 PM

Hi Mark,

Thanks for you reply.

The routing device is the 3560 itself. I enable ip routing and the VLAN interfaces is directly connected due to at the same device. I had try to use ip access-list to VLAN interface, it seems didn't work.

0 Helpful

adavenport
Level 1
Level 1

‎01-05-2007 10:06 PM

rp,

in config:

ip access-list 101 deny tcp host b host a

ip access-list 101 permit ip any any

interface vlan 3

ip access-group 101 in

There are lots of other ways. This is just an example.

Roger

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card