I want to create two vlan's, VLAN 1 and VLAN 2. The setup is that VLAN 1 can communicate with VLAN 2, but VLAN 2 don't may have any permission to communicatie with VLAN 1. My switch is a Cisco 3750x. How can I configure this?
Don't forget that IP communication is bidirectional and that ACLs are stateless so unless you use a stateful feature like reflexive ACL or firewall feature you can't permit all communication from vlan 1 to vlan 2 and at the same time block from vlan 2 to vlan 1 because then you'll block the reply traffic in response to permitted traffic from vlan 1 to vlan 2.
On access/distribution switches like 29xx/35xx there is no such feature so your only solution is to do the intervlan routing on a router or firewall and apply filtering policy on this device.
This feature is easily bypassed as it only looks at TCP flags in traffic and if one wants to isolate VLANs completely with ACLs it is best to use a dedicated device that supports stateful filtering or use private vlans and/or VRFs.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.