
Acl between VLANs

Hi, I am using a 3560 switch for inter-VLAN routing. I have the following VLANs:

192.168.10.0/24 (voice)
192.168.20.0/24 (admin)
192.168.30.0/24 (data center)
192.168.40.0/24 (HR)

I want to implement an ACL so that no VLAN can access the HR VLAN and the HR VLAN can access every VLAN. Please help me out.
8 REPLIES
New Member

Use a VLAN access list; your switch supports it. The VACL works almost like a route-map, so with one statement all will be solved.
New Member

Hi,

Can you please send me the ACL for this?

Purple

Hi,

VACL is mostly used for intra-VLAN filtering and for inter-VLAN filtering what is mostly used is a L3 ACL on the SVI.

Now the problem is that there is no stateful filtering on the 3750 switches so if you block access from any to HR it means you are also blocking replies to traffic initiated from HR.

It should then be helpful to know the traffic flows from HR to any so we can permit the replies in the ACLs we will apply on the other SVIs.

 

Regards

 

Alain

Don't forget to rate helpful posts.
New Member

Hi,

Yes, the HR VLAN can access every VLAN, but no other VLAN can access HR resources. I need the correct syntax for how I apply the ACL on the VLAN virtual interface.

New Member

Hi,

The HR VLAN is 192.168.40.0/24. Let me make it more clear for you: I want no one to be able to access HR PCs through Windows shared folders like d$ etc. and remote desktop.

Please make it clear, what kind of traffic? Normally HR accesses the datacenter resources, nothing else. My objective: no other VLAN accesses the HR PCs/printer.

New Member

Hello,

I agree with Alain; even if the access list is configured, because it is applied using the filter command in global config mode, it will be difficult to filter with just the one ACL to perform this requirement. If you are using Active Directory you can do this using GPO.

New Member

Hi,

I have AD. How can I do this with GPO?

Purple

Hi,

If you don't tell us the traffic flows from HR to any, we can't tell you which ACE entries to configure to permit return traffic.

As I explained in my previous post, there is no statefulness with ACLs on Cisco 3750 switches (no reflexive ACL) nor any stateful firewall feature.

Regards

 

Alain

Don't forget to rate helpful posts.
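
Added example, not part of the thread: a small Python model of first-match, stateless ACL evaluation, showing why a plain deny towards 192.168.40.0/24 also drops replies to HR-initiated traffic, and what the IOS `established` keyword (TCP segments with ACK or RST set) does and does not fix. The host addresses, ports, and the names `BLOCK_ALL`, `WITH_ESTABLISHED` and `SAMPLES` are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HR, ANY = ip_network("192.168.40.0/24"), ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp" or "udp"
    dport: int
    flags: frozenset = frozenset()  # TCP flags set on the segment

@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" matches every protocol
    src: object
    dst: object
    established: bool = False       # IOS keyword: TCP with ACK or RST set

    def matches(self, p):
        if self.proto not in ("ip", p.proto):
            return False
        if ip_address(p.src) not in self.src or ip_address(p.dst) not in self.dst:
            return False
        return not self.established or bool(p.flags & {"ACK", "RST"})

def evaluate(acl, p):
    """First matching ACE wins; no connection table is consulted."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"                   # implicit deny at the end of every ACL

# Both lists model an ACL filtering traffic routed towards the HR VLAN.
BLOCK_ALL = [Ace("deny", "ip", ANY, HR), Ace("permit", "ip", ANY, ANY)]
WITH_ESTABLISHED = [Ace("permit", "tcp", ANY, HR, established=True)] + BLOCK_ALL

# Constructed packets (hosts and ports are made up for the illustration).
SAMPLES = {
    "rdp_syn_from_admin": Packet("192.168.20.15", "192.168.40.10", "tcp", 3389, frozenset({"SYN"})),
    "tcp_reply_from_dc": Packet("192.168.30.5", "192.168.40.10", "tcp", 51000, frozenset({"SYN", "ACK"})),
    "udp_reply_from_dc": Packet("192.168.30.5", "192.168.40.10", "udp", 51001),
    "unsolicited_ack": Packet("192.168.20.15", "192.168.40.10", "tcp", 3389, frozenset({"ACK"})),
}

def run(acl):
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, acl in (("block all", BLOCK_ALL), ("with established", WITH_ESTABLISHED)):
        print(label, run(acl))
```

With the `established` entry, TCP replies reach HR again, but UDP replies still need an explicit entry per flow, and any TCP segment carrying ACK matches because no connection state is tracked.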