Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Need to hid general VLAN from management VLANs.

Hi I’m not too experienced with ACL’s so I come here seeking your help.

Recently we had a security audit performed and one of the items that was highlighted was that the production VLAN can see the management VLANs (ie SAN, VM host, Security Cameras). So I need to block this access with a ACL for the majority of our users but still need to exclude some members of our department.

So after doing some research I have come up with this.

---

interface vlan 1
ip address 10.113.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
interface vlan 2
ip address 10.111.0.1 255.255.0.0
!
interface vlan 3
ip address 10.114.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
ip access-list extended BAN_VLAN_2
deny ip 10.111.0.0 0.0.255.255 any
permit ip any any

---

VLAN 2 being my general VLAN.

Is there a better way of doing this? If so how?


Thanks!

Matthew

Everyone's tags (4)
1 REPLY

Need to hid general VLAN from management VLANs.

Hi Matthew,

You can restrict that with the ACL as you did . That ACL works like any requests coming from VLAN2 (10.111.0.1) to other VLAN's 1 & 3 will get totally blocked. Make sure that you don need anyother specific communications required from vlan 2 to the other vlans 1 & 3.

Please do rate if the given information helps.

By

Karthik

173
Views
4
Helpful
1
Replies
CreatePlease to create content