I can't help with CNA, but if you can telnet to the switch, you can use this (this doesn't take into consideration internet access or anything outside of the vlans that you want to deny access to):
access-list 140 permit ip 10.1.40.0 0.0.0.255 10.1.50.0 0.0.0.255
access-list 140 deny ip any any
int vlan 40
ip access-group 140 in
The other vlans will get traffic to it, but the return traffic will be denied. If you don't want any of the other traffic getting to it, you'll need to put an acl on all of the SVIs denying access to vlan 40:
access-list 100 deny ip any 10.1.40.0 0.0.0.255
access-list 100 permit ip any any
And the other vlans will get traffic from vlan 40 if initiated, but the return answer will be denied, correct?
The only traffic that will be able to leave vlan 40 is going to be from 40 to 50. Everything else will be denied, including internet traffic. You'll need to get more granular if you want to allow vlan 40 to access everything else but 100-200....
Well that seems ok - however we have access to all the vlans through our firewall, asa5515x - we are sitting on inside interface, and DMZ (192.168.10.1) is connected to the 3750G switch, which routes everything there.
So we need, of course, still to be able to get a hold of the servers on vlan 40, through the inside leg of our asa (192.168.0.x/24)
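Added example, not part of the thread: a small Python model of how the two ACLs posted above are evaluated, showing why replies leaving VLAN 40 are dropped (each packet is matched on its own, first match wins, no connection state). The host addresses, the 10.1.60.0/24 and 10.1.70.0/24 subnets, and the extra entry for the ASA inside network 192.168.0.0/24 are assumptions made for illustration.

```python
import ipaddress

ACL_140 = """
access-list 140 permit ip 10.1.40.0 0.0.0.255 10.1.50.0 0.0.0.255
access-list 140 deny ip any any
"""
ACL_100 = """
access-list 100 deny ip any 10.1.40.0 0.0.0.255
access-list 100 permit ip any any
"""
# Assumption, not from the thread: an extra entry for the ASA inside network,
# valid only if the ASA does not NAT inside hosts toward the DMZ.
ACL_140_WITH_INSIDE = (
    "access-list 140 permit ip 10.1.40.0 0.0.0.255 192.168.0.0 0.0.0.255\n" + ACL_140.strip()
)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' (only the forms used in the thread)."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest, specs = tokens[2], tokens[4:], []
        while rest:
            if rest[0] == "any":          # 'any' behaves like a wildcard of all ones
                specs.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:                         # address followed by its wildcard mask
                specs.append((to_int(rest[0]), to_int(rest[1])))
                rest = rest[2:]
        rules.append((action, specs[0], specs[1]))
    return rules

def matches(addr, spec):
    base, wildcard = spec                 # bits set in the wildcard are "don't care"
    return (to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(acl_text, src, dst):
    """First matching entry wins; no per-flow state, so replies are judged alone."""
    for action, src_spec, dst_spec in parse_acl(acl_text):
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    server = "10.1.40.10"  # constructed host in VLAN 40
    for client in ("10.1.50.10", "10.1.60.10", "192.168.0.25"):  # constructed clients
        print(client, "reply via ACL 140:", evaluate(ACL_140, server, client),
              "| with inside entry:", evaluate(ACL_140_WITH_INSIDE, server, client))
```

Note that ACL 100 as written matches any source, so applied inbound on the VLAN 50 SVI it would also deny VLAN 50 traffic toward VLAN 40.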
This is actually a pretty cool feature; I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.