Cisco Support Community
New Member

Catalyst 3750 Switch - Access List Problem

Hello all,

We are using a 3750 switch with 4 VLANs.

VLAN 1 is configured with 192.168.121.0 255.255.255.0

VLAN 2 is configured with the 192.168.122.0 255.255.255.0 segment

and likewise VLAN 3 and 4.

I have applied an access list on VLAN 2 to stop all access and permit only the specified hosts.

e.g.

interface Vlan1
 ip address 192.168.121.1 255.255.255.0
 standby 10 ip 192.168.121.5
 standby 10 priority 110
!
interface Vlan2
 ip address 192.168.122.1 255.255.255.0
 ip access-group TEMP in
 standby 20 ip 192.168.122.5
 standby 20 priority 110
interface Vlan3
 ip address 192.168.123.1 255.255.255.0
 standby 30 ip 192.168.123.5
 standby 30 priority 110
ip access-list extended TEMP
 permit ip 192.168.122.0 0.0.0.255 host 192.168.123.3
 permit ip 192.168.122.0 0.0.0.255 host 10.31.2.120
 permit udp any any

When I applied it on VLAN 2, I cannot ping from this switch, but all other hosts which do not have access can also ping the 192.168.122.0 segment, which I want to deny.

Please help me soon.

9 REPLIES
New Member

Re: Catalyst 3750 Switch - Access List Problem

Your last statement, permit udp any any, should be deny ip any any. But before you do that, you might want to allow the IP from which you manage the switch.

New Member

Re: Catalyst 3750 Switch - Access List Problem

Dear Sir,

Still everyone can access. The access list has no effect.

Please help.

Re: Catalyst 3750 Switch - Access List Problem

Hi

You are permitting all the IPs from the specified subnets to access the two hosts. Try to access any other hosts and check.

And what is the IP of the system, and which VLAN is it in?

Thanks

Mahmood

New Member

Re: Catalyst 3750 Switch - Access List Problem

Dear all,

Here is the configuration in the attachment.

Though I have applied the access list, all can access this 192.168.122.0 segment.

Please give a suggestion ASAP.

Re: Catalyst 3750 Switch - Access List Problem

Hi

What is the source of your traffic? I think you want everyone to access the hosts specified in the list. You are not denying anyone else access to your subnet, i.e. 192.168.122.0. I think you are confused and not able to understand your requirement.

If you want the hosts specified in the list to access this subnet, then you need to change the order of the list.

permit ip host (ip address) 192.168.122.0 0.0.0.255

Make all your entries

and apply the access list as outbound to your interface.

Thanks

Mahmood

New Member

Re: Catalyst 3750 Switch - Access List Problem

Dear Mahmood,

I want to secure the 192.168.122.0 network from all outside hosts. Only the hosts specified in the access list can access this network. This is my requirement.

Please give me the configuration idea as per this.

Re: Catalyst 3750 Switch - Access List Problem

Hi

You need to define the access list as follows:

ip access-list extended TEMP
 permit ip host 192.22.19.16 192.168.122.0 0.0.0.255
 permit ip host 192.44.108.110 192.168.122.0 0.0.0.255
 permit ip host 192.2.219.91 192.168.122.0 0.0.0.255
 permit udp any any
 deny ip any any
interface vlan 2
 ip access-group TEMP out

Thanks

Mahmood

Re: Catalyst 3750 Switch - Access List Problem

There is an implicit deny at the end of an ACL. You don't have to specify it.

Gold

Re: Catalyst 3750 Switch - Access List Problem

This is true.

However, if you do want logging or hit counts to work with it, then you would have to add the line to the access list.
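An added illustration, not posted by anyone in this thread: the Python sketch below models first-match evaluation of the outbound list suggested earlier in the thread, with per-entry hit counters, to show what the implicit deny and an explicit deny ip any any each record. The packet addresses 192.168.121.10 and 192.168.122.20 are constructed sample hosts.

```python
import ipaddress

# Outbound list from the reply earlier in the thread; entries are
# (action, protocol, source network, destination network).
PROTECTED = "192.168.122.0/24"
ACL = [
    ("permit", "ip", "192.22.19.16/32", PROTECTED),
    ("permit", "ip", "192.44.108.110/32", PROTECTED),
    ("permit", "ip", "192.2.219.91/32", PROTECTED),
    ("permit", "udp", "0.0.0.0/0", "0.0.0.0/0"),
]
EXPLICIT_DENY = ("deny", "ip", "0.0.0.0/0", "0.0.0.0/0")


def matches(entry, proto, src, dst):
    """An entry matches on protocol ('ip' covers every protocol) and both networks."""
    _, e_proto, e_src, e_dst = entry
    return (e_proto in ("ip", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(e_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(e_dst))


def evaluate(acl, packets):
    """First match wins; no match falls through to the implicit deny.
    Returns (verdict per packet, hit count per entry)."""
    hits = [0] * len(acl)
    verdicts = []
    for proto, src, dst in packets:
        verdict = "deny (implicit)"  # has no entry, so it has no counter
        for i, entry in enumerate(acl):
            if matches(entry, proto, src, dst):
                hits[i] += 1
                verdict = entry[0]
                break
        verdicts.append(verdict)
    return verdicts, hits


# Constructed packets routed toward VLAN 2 (outbound on interface Vlan2).
PACKETS = [
    ("tcp", "192.22.19.16", "192.168.122.20"),     # listed host
    ("icmp", "192.168.121.10", "192.168.122.20"),  # unlisted host, ping
    ("udp", "192.168.121.10", "192.168.122.20"),   # unlisted host, UDP
]

if __name__ == "__main__":
    for acl in (ACL, ACL + [EXPLICIT_DENY]):
        print(evaluate(acl, PACKETS))
```

In both runs the UDP packet from the unlisted host is permitted, because permit udp any any matches before any deny; only the explicit deny entry gives the dropped ping a counter.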
