Cisco Support Community

VLAN ACL Question

Is it possible to limit traffic on a VLAN to ONLY that specific VLAN, with a hole poked in for a couple IP addresses?

Here's the scenario:

Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.

Let's say it's VLAN 100

Let's say that network is 10.10.5.0/24

Let's say the server IP is 10.10.4.12/24

I would like this done on the main router, a 6509.

Accepted Solution

Re: VLAN ACL Question

In the simplest form you could use an ACL such as this:

access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255

int vlan 100
ip access-group 100 out
exit

*warning* this will not allow any hosts in 10.10.5.0/24 to communicate with hosts outside their network.

This will satisfy the requirement provided in the question:

Here's the scenario:

Want a network where the computers are only capable of talking to each other and ONE other server. I also need the ability for that server to penetrate that network, but NOTHING else.

크리스
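Added example, not from the reply or from Cisco tooling: a small Python model of the accepted answer's ACL 100 applied outbound on the VLAN 100 SVI, using IOS wildcard-mask matching and the implicit deny. It assumes the 6509 SVI is the only routed path into 10.10.5.0/24, that intra-VLAN traffic is switched at layer 2 without touching the SVI, and that the addresses (10.10.5.0/24, 10.10.4.12, plus constructed sample hosts such as 10.10.5.20 and 10.10.6.7) are the ones from the thread.

```python
import ipaddress

VLAN_100 = ipaddress.IPv4Network("10.10.5.0/24")   # the protected VLAN from the question
SERVER = "10.10.4.12"                               # the one outside host that is permitted

def _match(spec: str, addr: str) -> bool:
    """Match an address against an IOS ACL address spec: 'any', 'host X', or 'X WILDCARD'."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return addr == parts[1]
    base, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    a = int(ipaddress.IPv4Address(addr))
    return (a & ~wild) == (base & ~wild)   # wildcard bits set to 1 are "don't care"

def evaluate(acl, src: str, dst: str) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s, d in acl:
        if _match(s, src) and _match(d, dst):
            return action
    return "deny"

# access-list 100 permit ip host 10.10.4.12 10.10.5.0 0.0.0.255
ACL_100 = [("permit", f"host {SERVER}", "10.10.5.0 0.0.0.255")]

def svi_out_decision(src: str, dst: str) -> str:
    """Decision for one packet with ACL 100 applied 'out' on int vlan 100.
    Only packets the 6509 routes INTO VLAN 100 pass through an outbound SVI ACL;
    intra-VLAN traffic is switched at layer 2 and traffic leaving the VLAN
    enters the SVI inbound, so neither is evaluated here."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if d not in VLAN_100 or s in VLAN_100:
        return "not-evaluated"
    return evaluate(ACL_100, src, dst)

def conversation_allowed(a: str, b: str) -> bool:
    """Two-way reachability: both the request and the reply must survive the ACL."""
    return svi_out_decision(a, b) != "deny" and svi_out_decision(b, a) != "deny"
```

Note that svi_out_decision returns "not-evaluated" for packets sent from the VLAN toward other networks: an outbound ACL on the SVI drops only the replies, so an inbound ACL on the same SVI would be needed to stop one-way datagrams leaving the VLAN as well.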
