Cisco Support Community
Community Member

General acl

Hi,

I created 3 VLANs on the router. It is working well right now.

I have a question: how do I write an access list so that:

1. VLAN 300 can't see VLAN 200 but can see VLAN 100?

Below is my config:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 200
 ip address 172.27.100.254 255.255.0.0
 ip access-group sdm_fastethernet0/1.2_in in
 no snmp trap link-status
!
interface FastEthernet0/1.2
 description $ETH-LAN$
 encapsulation dot1Q 100 native
 ip address 172.7.100.254 255.255.0.0
 no snmp trap link-status
!
interface FastEthernet0/1.3
 description VLAN for Naraya
 encapsulation dot1Q 300
 ip address 172.47.100.254 255.255.0.0
 no snmp trap link-status
!
interface Serial0/1/0
 bandwidth 128
 ip address 172.16.1.2 255.255.255.0
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.27.17.100
ip route 172.5.0.0 255.255.0.0 172.16.1.1
!
ip access-list extended sdm_fastethernet0/1.1_in
---> what should i put here
ip access-list extended sdm_fastethernet0/1.2_in
---> what should i put here
ip access-list extended sdm_fastethernet0/1.3_in
---> what should i put here

2 REPLIES
Community Member

Re: General acl

deny ip 172.47.0.0 0.0.255.255 any
permit ip any any

Apply to vlan 200 outgoing direction.

Sent from Cisco Technical Support iPhone App

Purple

General acl

Hi,

ip access-list extended no-vlan200
 deny ip 172.47.100.0 0.0.0.255 172.27.100.0 0.0.0.255
 permit ip 172.47.100.0 0.0.0.255 any
int f0/1.3
 ip access-group no-vlan200 in

Regards

Alain

Don't forget to rate helpful posts.
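
An added example, not part of any post in this thread: a small Python simulation of how IOS evaluates an extended ACL (wildcard-mask match, first match wins, implicit deny at the end), run over the VLAN 300, 200 and 100 subnets from the posted config. The two ACLs and the host addresses are constructed for illustration, and only `permit|deny ip` entries with `any` or address/wildcard pairs are parsed.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny ip SRC DST'; SRC/DST are 'any' or 'address wildcard'."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    ends = []
    while rest:
        if rest[0] == "any":
            ends.append((0, 0xFFFFFFFF))  # all-ones wildcard matches everything
            rest = rest[1:]
        else:
            addr, wild = (int(ipaddress.IPv4Address(x)) for x in rest[:2])
            ends.append((addr, wild))
            rest = rest[2:]
    if len(ends) != 2:
        raise ValueError(f"expected source and destination: {line!r}")
    return action, ends[0], ends[1]

def matches(ip, endpoint):
    addr, wild = endpoint
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = (int(ipaddress.IPv4Address(x)) for x in (src, dst))
    for line in acl:
        action, src_end, dst_end = parse_ace(line)
        if matches(s, src_end) and matches(d, dst_end):
            return action
    return "deny"

# Constructed ACLs (inbound on Fa0/1.3) and constructed (source, destination) flows.
ACL_16 = ["deny ip 172.47.0.0 0.0.255.255 172.27.0.0 0.0.255.255",
          "permit ip any any"]
ACL_24 = ["deny ip 172.47.100.0 0.0.0.255 172.27.100.0 0.0.0.255",
          "permit ip 172.47.100.0 0.0.0.255 any"]
FLOWS = [("172.47.100.10", "172.27.100.20"),  # VLAN 300 -> VLAN 200
         ("172.47.100.10", "172.27.5.20"),    # VLAN 300 -> VLAN 200, other /24
         ("172.47.100.10", "172.7.100.30"),   # VLAN 300 -> VLAN 100
         ("172.47.8.10", "172.7.100.30")]     # VLAN 300 other /24 -> VLAN 100

def report(acl):
    return [evaluate(acl, s, d) for s, d in FLOWS]

if __name__ == "__main__":
    for name, acl in (("/16", ACL_16), ("/24", ACL_24)):
        print(name, report(acl))
```

With the interfaces configured as 255.255.0.0, the /24 wildcards leave 172.47.100.10 -> 172.27.5.20 permitted and drop the 172.47.8.10 flow on the implicit deny, while the /16 wildcards give deny, deny, permit, permit.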
