Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

access to two ips in a vlan

HI all experts

1.   we have two vlans .and in vlan 50 (10.10.18.0/24) we have servers ..these servers shouldnt accessed to outside world(no internet) and should be provided access to only two IPs of vlan 60 i.e (10.10.19.10 & 10.10.19.12). how to use access list and where to implement this.

interface Vlan50

description vlan for F&R

ip address 10.10.18.1 255.255.255.0

!

interface Vlan60

description vlan for HR&AD

ip address 10.10.19.1 255.255.255.0

2.     . vlan 50 should reach the gateway ip 10.10.10.1

Switch# sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile,

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - O

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA e

       E1 - OSPF external type 1, E2 - OSPF external ty

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-

       ia - IS-IS inter area, * - candidate default, U

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 12 subnets, 2 ma

C       10.10.18.0/24 is directly connected, Vlan50

C       10.10.19.0/24 is directly connected, Vlan60

S*   0.0.0.0/0 [1/0] via 10.10.10.1

thanks & regards

srikanth

1 REPLY

access to two ips in a vlan

Hi Srikanth,

It is simple, you need to define an extended accesslist and apply to the your servers vlan (vlan 50).

Like this you can add on if anything needs to be access from vlan50. But keep "deny ip any any" at the end as you dont want the server vlan access to internet.

ip access-list ext vlan50
permit ip any host 10.10.19.10
permit ip any host 10.10.19.12
deny ip any any


interface Vlan50
description vlan for F&R
ip address 10.10.18.1 255.255.255.0
ip access-group vlan50 in

Please rate the helpfull posts.
Regards,
Naidu.

219
Views
0
Helpful
1
Replies
CreatePlease to create content