Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access List

Hi

I want to make access list that from one vlan (Vlan10) out my 8 vlan can acess only two servers form server vlan (vlan 2)that are DHCP (IP x.x.x.10 )and proxy server (IP x.x.x.14:8088) so that the users from that vlan can get only access internet and get IP .Can anybody help me

Thanks Frds

JD

7 REPLIES

Re: Access List

if i understand you correctly, you want users in VLAN10 to get IP addresses and should be able to access only internet and proxy server.

For this you can try something like this

access-list 100 permit udp any any eq 67

access-list 100 permit udp any any eq 68

access-list 100 permit ip host

access-list 100 permit ip any eq www

interface vlan 10

ip access-group 100 in

HTH

Narayan

New Member

Re: Access List

Thanks Narayan

yes you understood, what i want thanks for your help i will try and let you know about the result

New Member

Re: Access List

i have already applied 101 list as in

i think i should aplly it "out" instead of " in" , and will it requie some changes

for that

interface vlan 10

ip access-group 101 in

Re: Access List

For out you need to use ip access-group 101 out

But in your case inbound access-list would make more sense

Narayan

New Member

Re: Access List

Thaks for your precious time Sir

Can we apply more than one inbound

Access lists on an interface

Like

interface vlan 10

ip access-group 101 in

ip access-group 102 in

Regards

JD

Re: Access List

No..you can have only one inbound and one outbound access-list applied to an interface

int vlan 10

ip access-group 101 in

ip access-group 102 out

Narayan

New Member

Re: Access List

so Sir can a apply like this

access-list 100 permit udp any any eq 67

access-list 100 permit udp any any eq 68

access-list 100 permit ip host

access-list 100 permit ip any eq www

interface vlan 10

ip access-group 100 out

or should i apply

access-list 10 permit

access-list 10 permit

access-list 10 deny any

interface vlan 10

ip access-group 10 out

144
Views
0
Helpful
7
Replies