01-13-2014 10:54 AM - edited 03-07-2019 05:32 PM
Hi,
My core switch has a total of 12 VLANs, VLAN 1 to 12. IP range 192.168.1.0 - 192.168.12.0/252.
My requirement is that all VLANs communicate only with VLAN 1, not with each other.
Can someone guide me on configuring an ACL for this scenario?
01-13-2014 11:04 AM
If your switch supports vrf, you'd be better going with that. If not, you'll need an acl for every vlan svi. That's going to be very hard to maintain.
ip access-list ext 102
permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip any any
int vlan 2
ip access-group 102 in
ip access-list ext 103
permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip any any
int vlan 3
ip access-group 103 in
Etc...
HTH,
John
*** Please rate all useful posts ***
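The "Etc..." above means repeating the same ACL for every remaining SVI. As an added example (not from the answer or from Cisco), the script below generates that per-VLAN config for VLANs 2-12 and then evaluates the generated entries the way IOS does (first match wins, implicit deny) to confirm the policy: any VLAN to VLAN 1 is permitted, VLAN to VLAN is denied. The ACL numbering (100 + VLAN id) and the 192.168.n.0/24 subnets are assumptions taken from the thread.

```python
import ipaddress

# Constructed from the thread: VLAN n uses 192.168.n.0/24 for n = 1..12, VLAN 1 is the hub.
VLANS = range(1, 13)
HUB = 1

def subnet(vlan):
    return ipaddress.ip_network(f"192.168.{vlan}.0/24")

def ace(src, dst):
    """One 'permit ip' entry; an IOS wildcard mask is the inverse of the netmask (hostmask)."""
    return f" permit ip {src.network_address} {src.hostmask} {dst.network_address} {dst.hostmask}"

def build_acls(vlans=VLANS, hub=HUB):
    """IOS config per non-hub SVI: one extended ACL applied inbound.
    Assumption: ACL number = 100 + VLAN id, matching 102 for VLAN 2 in the answer."""
    cfg = {}
    for v in vlans:
        if v == hub:
            continue  # the hub SVI carries no ACL, so replies from VLAN 1 are not filtered
        cfg[v] = [
            f"ip access-list extended {100 + v}",
            ace(subnet(v), subnet(hub)),
            " deny ip any any",
            f"interface vlan {v}",
            f" ip access-group {100 + v} in",
        ]
    return cfg

def acl_permits(acl_lines, src_ip, dst_ip):
    """Evaluate a packet against the ACEs: first match wins, implicit deny at the end.
    Only 'permit|deny ip <src> <wildcard> <dst> <wildcard>' and 'any any' are modelled."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("permit", "deny") or parts[1] != "ip":
            continue  # ACL header, interface and access-group lines are not entries
        if parts[2:4] == ["any", "any"]:
            return parts[0] == "permit"
        # ipaddress accepts a hostmask (wildcard) in place of a netmask: x.x.x.0/0.0.0.255 -> /24
        s_net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
        d_net = ipaddress.ip_network(f"{parts[4]}/{parts[5]}", strict=False)
        if src in s_net and dst in d_net:
            return parts[0] == "permit"
    return False

def routed(src_vlan, dst_vlan, cfg=None, hub=HUB):
    """Is a packet from a host in src_vlan to a host in dst_vlan forwarded by the core?
    Intra-VLAN traffic is switched, never hits the SVI, and is not modelled here."""
    if src_vlan == hub:
        return True  # no ACL on the hub SVI
    cfg = cfg or build_acls()
    return acl_permits(cfg[src_vlan], str(subnet(src_vlan)[10]), str(subnet(dst_vlan)[10]))
```

Running `print("\n".join(l for v in build_acls().values() for l in v))` emits the full config for VLANs 2-12.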
01-13-2014 11:06 AM
Wajid
192.168.1.0 -192.168.12.0/252
The /252 makes no sense. What is the actual range in use?
Are there any other 192.168.x.0/24 networks that should be allowed access between each other?
Jon