I have a switch with 5 VLANs (192.168.1-5.X/24), connected to a router which has three interfaces (172.30.1-3.X/24) in addition to the uplink port. If I want the traffic from each of the 5 VLANs to be able to talk (ping) to each of the 3 routing interfaces but not to be able to talk (ping) to any of the other VLANs - is the best way to do it via extended access lists?
Can you explain more about the application of the access-group 'in' and 'out'? If I'm pinging from a specific 192 network (vlan1) to any of the 172 interfaces, doesn't that mean I would apply the above-mentioned access-list 101 'out' on the vlan1 interface?
You have to think from the router's perspective towards the networks.
If you are pinging from 192 network to a 172 network, you would place an ACL with 'in' on the interface facing the 192 network. Just picture it, traffic is coming from the 192 network towards the router so you block the incoming packet.
If you wanted to block the pinging after 'routing' takes place, you would place the ACL with 'out' towards the destination (in this case the 172 network) under the outgoing interface.
There are times when you need to decide if you want to block before it gets into the router or while it's leaving the router.
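The inbound placement described in the answer, written out for the five VLANs in the question as an added example that is not part of the original thread. It assumes the VLAN interfaces are SVIs named Vlan1 to Vlan5 on the device that routes between them; the ACL names are hypothetical.

```cisco
! Added example. Assumed: Vlan1..Vlan5 carry 192.168.1.0/24..192.168.5.0/24.
! Each ACL is applied 'in' on its own VLAN interface, so a packet is checked
! as it arrives from that VLAN, before the routing decision is made.
! The VLAN's own subnet is not denied, so hosts can still reach their gateway.
ip access-list extended VLAN1-IN
 deny   ip any 192.168.2.0 0.0.0.255
 deny   ip any 192.168.3.0 0.0.0.255
 deny   ip any 192.168.4.0 0.0.0.255
 deny   ip any 192.168.5.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN2-IN
 deny   ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.3.0 0.0.0.255
 deny   ip any 192.168.4.0 0.0.0.255
 deny   ip any 192.168.5.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN3-IN
 deny   ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.2.0 0.0.0.255
 deny   ip any 192.168.4.0 0.0.0.255
 deny   ip any 192.168.5.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN4-IN
 deny   ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.2.0 0.0.0.255
 deny   ip any 192.168.3.0 0.0.0.255
 deny   ip any 192.168.5.0 0.0.0.255
 permit ip any any
ip access-list extended VLAN5-IN
 deny   ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.2.0 0.0.0.255
 deny   ip any 192.168.3.0 0.0.0.255
 deny   ip any 192.168.4.0 0.0.0.255
 permit ip any any
!
interface Vlan1
 ip access-group VLAN1-IN in
interface Vlan2
 ip access-group VLAN2-IN in
interface Vlan3
 ip access-group VLAN3-IN in
interface Vlan4
 ip access-group VLAN4-IN in
interface Vlan5
 ip access-group VLAN5-IN in
```

The closing `permit ip any any` is an assumption that the uplink should stay reachable; replacing it with three `permit ip any 172.30.N.0 0.0.0.255` entries limits each VLAN to the router networks only, with the implicit deny dropping everything else.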