Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to use ACL to control VLAN traffic ?

hi:

i have a question here.

how do i use ACl to limit access between different vlans.

未命名.jpg

from above  picture, there are two vlans - vlan 10 and vlan 20, both are connected to a router via a switch.  their addresses are assigned by dhcp.

so far vlan 10 and vlan 20 can ping each other.

1. what if i do not want pc from vlan 10 to access pc from vlan 20

2. while vlan 20 can access vlan 10 

3. and remain dhcp function.

assuming pc1 from vlan 10 is 1.1.1.1

and pc2 from vlan 20 is 2.2.2.2

please help.

thanks in advance

Everyone's tags (1)
2 REPLIES

Re: how to use ACL to control VLAN traffic ?

hi dannan,

Router#sh ip int bri

Interface              IP-Address      OK? Method Status                Protocol

FastEthernet0/0        unassigned      YES unset  up                    up

FastEthernet0/0.10     1.1.1.254       YES manual up                    up

FastEthernet0/0.20     2.2.2.254       YES manual up                    up

FastEthernet0/1        unassigned      YES unset  administratively down down

Vlan1                  unassigned      YES unset  administratively down down

Router(config)#access-list 1 deny 1.1.1.0 0.0.0.255

Router(config)#access-list 1 permit any

Router(config)#int f0/0.10

Router(config-subif)#ip access-group 1 out

New Member

Re: how to use ACL to control VLAN traffic ?

thanks, it worked .

i know what you did is to limit any outgoing traffic .

Router(config)#int f0/0.10

Router(config-subif)#ip access-group 1 out

but i want to know why i can't use

Router(config)#access-list 1 deny 2.2.2.0 0.0.0.255

Router(config)#access-list 1 permit any

Router(config)#int f0/0.10

Router(config-subif)#ip access-group 1 in

if i want to block incoming traffic from 2.2.2.254

thanks

626
Views
0
Helpful
2
Replies
CreatePlease login to create content