Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Access-list problem, vlan blocking

Hi there

I have this setup:

2 Distribution switches DS01 and DS02, working as coor and dist (collapsed core)

2 Access switches with vlan 10 on one and vlan 11 on the other one

I also have a vlan 99 on all the swithces worinkg as management vlan

I have a Layer 3 link between the the DS switches also each access switche have a trunk link to each DS switches

Now here is my problem

I want to block the traffick from vlan 10, 11 and possibly also other vlans to vlan 99.

I have created a access-list to do this for vlan 10 to begin with

Vlan 10 = 10.0.10.0

Vlan 99 = 10.0.99.0

Here is my access-list config

access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.99.0 0.0.0.255

Interface vlan 99

ip access-group 101 in

it seems to block the traffick from vlan 10 to vlan 99 but some how I still can ping my DS01, not DS02, U_AS01 or U_AS02 which is the meaning

Any one who know how to fix this ?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Super Bronze

Re: Access-list problem, vlan blocking

Hi

Can you this and test again?

This will block access to mgmt vlan from the other 2 vlans.

access-list 101 deny ip any 99.0 0.0.0.255

access-list 101 permit any

interface vlan 10

access-group 101 in

interface vlan 11

access-group 101 in

HTH

3 REPLIES
VIP Super Bronze

Re: Access-list problem, vlan blocking

Hi

Can you this and test again?

This will block access to mgmt vlan from the other 2 vlans.

access-list 101 deny ip any 99.0 0.0.0.255

access-list 101 permit any

interface vlan 10

access-group 101 in

interface vlan 11

access-group 101 in

HTH

New Member

Access-list problem, vlan blocking

Hi Reza Sharifi

So many thanks, it is working great

Best regards

Benjamin

VIP Super Bronze

Access-list problem, vlan blocking

Glad to help Ben.

Thanks for the rating

Reza

150
Views
0
Helpful
3
Replies