11-18-2011 08:54 PM - edited 03-07-2019 03:29 AM
Hi,
I have a question here.
How do I use an ACL to limit access between different VLANs?
From the above picture, there are two VLANs, VLAN 10 and VLAN 20, both connected to a router via a switch. Their addresses are assigned by DHCP.
So far VLAN 10 and VLAN 20 can ping each other.
1. What if I do not want a PC from VLAN 10 to access a PC from VLAN 20,
2. while VLAN 20 can access VLAN 10,
3. and DHCP keeps working?
Assuming PC1 from VLAN 10 is 1.1.1.1
and PC2 from VLAN 20 is 2.2.2.2.
Please help.
Thanks in advance.
11-18-2011 10:51 PM
hi dannan,
Router#sh ip int bri
Interface          IP-Address  OK? Method Status                Protocol
FastEthernet0/0    unassigned  YES unset  up                    up
FastEthernet0/0.10 1.1.1.254   YES manual up                    up
FastEthernet0/0.20 2.2.2.254   YES manual up                    up
FastEthernet0/1    unassigned  YES unset  administratively down down
Vlan1              unassigned  YES unset  administratively down down
Router(config)#access-list 1 deny 1.1.1.0 0.0.0.255
Router(config)#access-list 1 permit any
Router(config)#int f0/0.10
Router(config-subif)#ip access-group 1 out
11-19-2011 07:04 AM
Thanks, it worked.
I know what you did is to limit any outgoing traffic.
Router(config)#int f0/0.10
Router(config-subif)#ip access-group 1 out
But I want to know why I can't use
Router(config)#access-list 1 deny 2.2.2.0 0.0.0.255
Router(config)#access-list 1 permit any
Router(config)#int f0/0.10
Router(config-subif)#ip access-group 1 in
if I want to block incoming traffic from 2.2.2.254.
Thanks
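As an added example (not from the thread), here is one extended ACL that meets all three requirements at once on the subinterfaces from the reply; it sits inbound on f0/0.10 because that is the only place the router sees packets sourced in VLAN 10, so a rule written there against source 2.2.2.x can never match. It assumes both VLANs are /24, that "access" means hosts in VLAN 20 pinging or opening TCP sessions to hosts in VLAN 10, and the ACL name VLAN10-IN is my own choice.

```cisco
! Constructed example, not from the thread. Applied inbound on the VLAN 10
! subinterface shown in the reply's "sh ip int bri". Assumes /24 VLANs and
! that VLAN 20 hosts use ping or TCP to reach VLAN 10 hosts.
ip access-list extended VLAN10-IN
 remark DHCP clients (source 0.0.0.0, UDP 68 -> 67) must still reach the server or relay
 permit udp any eq bootpc any eq bootps
 remark Replies to pings that were started from VLAN 20
 permit icmp 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 echo-reply
 remark Return packets of TCP sessions started from VLAN 20 (ACK or RST bit set)
 permit tcp 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 established
 remark Anything else VLAN 10 sends toward VLAN 20 is dropped and logged
 deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255 log
 remark Traffic not aimed at VLAN 20 (e.g. toward a default route) is unaffected
 permit ip any any
!
interface FastEthernet0/0.10
 ip access-group VLAN10-IN in
!
! Verify which lines are matching: show ip access-lists VLAN10-IN
```

The `established` keyword only tests the ACK/RST flags, so it is stateless and does not cover UDP replies from VLAN 10 to VLAN 20; a reflexive ACL or zone-based firewall is the stateful alternative when that is needed.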