New Member

VLAN Access-List

Hi,

I need to apply an access list in global mode. I want the user VLANs VLAN_A, VLAN_B and VLAN_C not to be able to communicate with each other, but these VLANs should be able to communicate with VLAN_SERVER and VLAN_IT.

How do I do the configuration? I am a little confused.

regards

Neo

7 REPLIES
Hall of Fame Super Blue

Re: VLAN Access-List

Neo

VLAN A = 192.168.5.0/24
VLAN B = 192.168.6.0/24
VLAN C = 192.168.7.0/24

VLAN A
======
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
int vlan A
ip access-group 101 in

VLAN B
======
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any
int vlan B
ip access-group 102 in

VLAN C
======
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any
int vlan C
ip access-group 103 in

Jon
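Added example (not part of Jon's post and not a Cisco tool): a small offline checker that replays the three ACLs above with IOS first-match and wildcard-mask semantics and reports any flow that breaks the policy asked for in the question. It only understands numbered extended entries with protocol `ip`; the VLAN_SERVER and VLAN_IT host addresses are constructed, since the thread does not give those subnets.

```python
import ipaddress

# Jon's three ACLs, copied from the post above.
ACL_TEXT = """
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any
"""
# ACL number -> subnet of the SVI it is applied inbound on (from the post).
BOUND = {"101": "192.168.5.0/24", "102": "192.168.6.0/24", "103": "192.168.7.0/24"}
# Constructed sample hosts: the thread gives no addresses for VLAN_SERVER / VLAN_IT.
SHARED = ["192.168.10.10", "192.168.20.10"]

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def parse(text):
    """Numbered extended ACL lines using protocol 'ip' -> {number: [(action, sa, sw, da, dw)]}."""
    acls = {}
    for line in text.splitlines():
        # 'any' is IOS shorthand for address 0.0.0.0 with wildcard 255.255.255.255
        tok = line.replace(" any", " 0.0.0.0 255.255.255.255").split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[3] == "ip":
            acls.setdefault(tok[1], []).append((tok[2], *map(to_int, tok[4:])))
    return acls

def verdict(rules, src, dst):
    s, d = to_int(src), to_int(dst)
    for action, sa, sw, da, dw in rules:  # first match wins
        if s | sw == sa | sw and d | dw == da | dw:  # wildcard 1-bits are "don't care"
            return action
    return "deny"  # implicit deny that ends every IOS ACL

def isolation_gaps(acls, bound=BOUND, shared=SHARED):
    """Return (acl, src, dst, verdict) for every flow that breaks the thread's policy."""
    host = {n: str(ipaddress.ip_network(net)[10]) for n, net in bound.items()}
    gaps = []
    for n, src in host.items():
        want = [(host[o], "deny") for o in host if o != n] + [(d, "permit") for d in shared]
        gaps += [(n, src, dst, got) for dst, exp in want
                 if (got := verdict(acls.get(n, []), src, dst)) != exp]
    return gaps
```

`isolation_gaps(parse(ACL_TEXT))` returns an empty list for the ACLs as posted; moving `permit ip any any` above the deny lines makes the blocked flows show up as gaps.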

New Member

Re: VLAN Access-List

If you are using DHCP on those VLANs, you need to make sure that you also allow the following in the access-list, or else your clients will not be able to get IP addresses.

access-list xxx permit udp 0.0.0.0 0.0.0.0 any eq bootps

Hall of Fame Super Blue

Re: VLAN Access-List

edited.

Hall of Fame Super Blue

Re: VLAN Access-List

Jacques

Apologies, I see what you mean; I have edited the original post.

Jon

New Member

Re: VLAN Access-List

Hi All,

I need to configure this in global mode only, not in interface mode.

regards

Neo

New Member

Re: VLAN Access-List

Please help.

regards

Neo

Hall of Fame Super Blue

Re: VLAN Access-List

Neo

The way to achieve filtering between VLANs is to use the example provided. However, if you have to do it from global config mode, you are probably referring to a VLAN access-map:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swacl.html#wp1087276

These are most commonly used to filter traffic within the same VLAN and not between VLANs, though.

Jon
