VLAN ACL Question

cinmachina
Level 1

Is it possible to limit traffic on a VLAN to ONLY that specific VLAN, with a hole poked in for a couple IP addresses?

Here's the scenario:

I want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.

Let's say it's VLAN 100

Let's say that network is 10.10.5.0/24

Let's say the server IP is 10.10.4.12/24

I would like this done on the main router, a 6509.

1 Accepted Solution


gatlin007
Level 4

In the simplest form you could use an ACL such as this:

! Only the server may send into 10.10.5.0/24; anything else hits the implicit deny at the end of the ACL
access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255

! Applied outbound on the SVI, i.e. to traffic the 6509 routes INTO VLAN 100
! (host-to-host traffic inside VLAN 100 is switched at layer 2 and never passes this ACL)
int vlan 100
ip access-group 100 out
exit

*Warning*: this will not allow any hosts in 10.10.5.0/24 to communicate with hosts outside their network.

This will satisfy the requirement provided in the question:

Here's the scenario:

Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.

크리스
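The ACL above filters only what the 6509 routes into VLAN 100; packets that VLAN 100 hosts send toward other networks still leave the SVI, and only the replies are dropped by the implicit deny. The configuration below is an added example, not part of the answer above: it keeps the answer's outbound ACL and adds a matching inbound ACL so the hosts cannot send anything beyond 10.10.4.12 either. The explicit deny lines with log are an assumption about what you want counted; intra-VLAN traffic is switched at layer 2 and never passes either ACL.

```cisco
! Direction 1: traffic routed INTO VLAN 100 (out on the SVI), as in the answer
access-list 100 remark Only 10.10.4.12 may reach the 10.10.5.0/24 hosts
access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255
! Explicit deny with log (assumed here) so drops show up in the ACL counters
access-list 100 deny ip any any log
!
! Direction 2: traffic VLAN 100 hosts send OUT of the subnet (in on the SVI)
access-list 101 remark 10.10.5.0/24 hosts may only talk to 10.10.4.12
access-list 101 permit ip 10.10.5.0 0.0.0.255 host 10.10.4.12
access-list 101 deny ip any any log
!
interface Vlan100
 ip access-group 100 out
 ip access-group 101 in
!
! Verify from exec mode: the deny line of ACL 101 should count hits when a
! VLAN 100 host tries to reach anything other than 10.10.4.12
show ip access-lists 100
show ip access-lists 101
```

If the VLAN 100 hosts obtain addresses through DHCP relay or resolve names on a server other than 10.10.4.12, add permits for those services before the deny line. On the 6500 the log keyword moves matching packets to software processing, so drop it from the deny line once the counters are no longer needed.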


