Hello Everyone !!!
I have one query on vlan ACL
like I have three vlans
vlan 5 (220.127.116.11 255.255.255.0)
vlan 10 (10.10.10.1 255.255.255.0) server
vlan 15 (18.104.22.168 255.255.255.0)
Now I want to give access to host from vlan 5 and 15 to access vlan 10 server only and traffic between them is blocked.
so how it will be configured.
there are some of ACL commands can block the traffic that between vlan 5 and vlan 15 .
access-list 10 deny 22.214.171.124 0.0.0.255
access-list 10 permit any
ip access-group 10 in (this commad to configure the router (or multiswitch )subinterface on the Vlan 15
access-list 15 deny 126.96.36.199 0.0.0.255
access-list 15 permit any
ip access-group 15 in (this commad to configure the router (or multiswitch )
subinterface on the Vlan 5
I hope these will be helpful for you .
Long Fan ..
This may solve your requirement:
You can use acl's to limit the access between vlans. For example :-
vlan 5 = 188.8.131.52/24
vlan 10 = 10.10.10.0/24
vlan 15 = 184.108.40.206/24
As you want to allow traffic from vlan 5 and 15 to access only vlan 10 (servers) :
access-list 101 permit ip 220.127.116.11 0.0.0.255 10.10.10.0 0.0.0.255
access-list 102 permit ip 18.104.22.168 0.0.0.255 10.10.10.0 0.0.0.255
interface vlan 5 (or subinterface for the vlan 5)
ip access-group 101 in
interface vlan 15 (or subinterface for the vlan 15)
ip access-group 102 in
But this will block all other traffic except to vlan 10. If you want to block the traffic between vlan 5 and vlan 15 only then Long Fan's ACL will work fine.
when i configure as said it is able to ping 10.10.10.0 but no pc is able to ping their gateways.
If i have applied this acl then is there any thing I have to do on server vlan
If there is an acl already on server vlan then will that allow access or some changes need to done
***when i configure as said it is able to ping 10.10.10.0 but no pc is able to ping their gateways***
Yes you cannot ping their gateways because you have allowed only 10.10.10.0/24 network. You have to allow everything that you need more.
***If i have applied this acl then is there any thing I have to do on server vlan ***
It depend on the requirement. Now you do not need.
If there is an acl already on server vlan then will that allow access or some changes need to done***
Yes, you need to allow vlan 5 & 10 subnets.
Note: If you only need to block traffic between vlan 5 & 10 then create the standard deny acl for vlan 5 and vlan 10 as mentioned in the Long Fan post.