New Member

Access-list Doubt

Hi,

My core switch has a total of 12 VLANs, VLAN 1 to VLAN 12, with the IP range 192.168.1.0 -192.168.12.0/252.

My requirement is that all VLANs communicate only with VLAN 1, not with each other.

Can someone guide me on configuring an ACL for this scenario?

Accepted Solution

Access-list Doubt

If your switch supports VRF, you'd be better off going with that. If not, you'll need an ACL for every VLAN SVI. That's going to be very hard to maintain.

ip access-list extended 102
 remark VLAN 2 hosts may reach VLAN 1 only; everything else is dropped
 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip any any
!
interface Vlan2
 ip access-group 102 in
!
ip access-list extended 103
 remark VLAN 3 hosts may reach VLAN 1 only; everything else is dropped
 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255
 deny ip any any
!
interface Vlan3
 ip access-group 103 in
!
Etc...

HTH,
John

*** Please rate all useful posts ***

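A check of the per-SVI scheme John describes, as an added example that is not from the thread: a small Python script that renders the ACL and inbound SVI binding for VLANs 2 to 12 and evaluates each ACL first-match, the way IOS does, to confirm a host in any spoke VLAN can reach VLAN 1 and nothing else. The ACL numbering (100 + VLAN id) and the 192.168.n.0/24-per-VLAN layout are assumptions taken from the question and the answer.

```python
import ipaddress

# Constructed from the thread: VLAN n uses 192.168.n.0/24, VLAN 1 is the hub.
VLAN_NET = {v: ipaddress.ip_network(f"192.168.{v}.0/24") for v in range(1, 13)}
ANY = ipaddress.ip_network("0.0.0.0/0")

def fmt(net):
    """Render a prefix as an IOS ACL entry expects: 'any' or address + wildcard."""
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {net.hostmask}"  # hostmask is the inverse mask

def acl_for_vlan(vlan, hub=1):
    """ACL number and entries for one SVI, mirroring the accepted answer's scheme."""
    return 100 + vlan, [("permit", VLAN_NET[vlan], VLAN_NET[hub]), ("deny", ANY, ANY)]

def render(vlan, hub=1):
    """IOS configuration text for one VLAN's ACL and its inbound SVI binding."""
    num, entries = acl_for_vlan(vlan, hub)
    lines = [f"ip access-list extended {num}",
             f" remark VLAN {vlan} may talk to VLAN {hub} only"]
    lines += [f" {action} ip {fmt(src)} {fmt(dst)}" for action, src, dst in entries]
    lines += ["!", f"interface Vlan{vlan}", f" ip access-group {num} in"]
    return "\n".join(lines)

def lookup(entries, src_ip, dst_ip):
    """First-match evaluation as IOS does it; implicit deny when nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in entries:
        if s in src and d in dst:
            return action
    return "deny"

def policy_holds(hub=1):
    """Every spoke VLAN may reach the hub and no other VLAN. The same deny also
    drops traffic to any network beyond these VLANs (e.g. a default route out)."""
    for vlan in range(2, 13):
        _, entries = acl_for_vlan(vlan, hub)
        src = str(VLAN_NET[vlan][10])                 # an arbitrary host in the VLAN
        for other in range(1, 13):
            if other == vlan:
                continue
            want = "permit" if other == hub else "deny"
            if lookup(entries, src, str(VLAN_NET[other][10])) != want:
                return False
    return True

if __name__ == "__main__":
    print("\n!\n".join(render(v) for v in range(2, 13)))
    print("policy OK" if policy_holds() else "policy BROKEN")
```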
2 REPLIES

Hall of Fame Super Blue

Access-list Doubt

Wajid

192.168.1.0 -192.168.12.0/252

The /252 makes no sense. What is the actual range in use?

Are there any other 192.168.x.0/24 networks that should be allowed access between each other?

Jon
