Hello sirs, I have 2 vlan on my uc560, vlan 100 for voice and vlan 90 for data, The both vlan cant comuunicate but with custom ACL this is inplicit but dont work.

I will show my shrun, please help me

interface Vlan1

description $FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

ip access-group 101 in

ip nat inside

ip virtual-reassembly in

interface Vlan100

description $FW_INSIDE$

ip address 10.1.1.1 255.255.255.0

ip access-group 102 in

ip nat inside

ip virtual-reassembly in

access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_6##

access-list 101 remark SDM_ACL Category=1

access-list 101 deny   ip 192.168.9.0 0.0.0.255 any

access-list 101 deny   ip 10.1.10.0 0.0.0.3 any

access-list 101 deny   ip 10.1.1.0 0.0.0.255 any

access-list 101 deny   ip host 255.255.255.255 any

access-list 101 deny   ip 127.0.0.0 0.255.255.255 any

access-list 101 permit ip any any

access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_8##

access-list 102 remark SDM_ACL Category=1

access-list 102 permit tcp 10.1.10.0 0.0.0.3 any eq 2000

access-list 102 permit udp 10.1.10.0 0.0.0.3 any eq 2000

access-list 102 deny   ip 192.168.9.0 0.0.0.255 any

access-list 102 deny   ip 192.168.10.0 0.0.0.255 any

access-list 102 deny   ip 10.1.10.0 0.0.0.3 any

access-list 102 deny   ip host 255.255.255.255 any

access-list 102 deny   ip 127.0.0.0 0.255.255.255 any

access-list 102 permit ip any any

So based on acl 102, the line "access-list 102 deny   ip 192.168.10.0 0.0.0.255 any" block access of the vlan ip one on vlan 100, but I contnues access the ip 10.1.1.1.

What wrong ? :S

Thanks a lot to all!