Cisco Support Community
New Member

VLAN Security

I currently have a 2960 switch with 2 VLANs on it (VLAN 99 and VLAN 102). The switch is connected to two 4507s via trunks.

I want the hosts in VLAN 99 to be able to communicate with only a limited set of hosts in VLAN 102 on the 2 4507s.

I have included a drawing.

The only way I can figure to do that is by putting an access-list on all the interfaces in the 4507; of course this makes no sense.

Any ideas would be appreciated.

Thanks

3 REPLIES
New Member

Re: VLAN Security

The only place you would need to put an ACL is on vlan interface of VLAN 90.

ip access-list ext hello
 permit ip h.h.h.h n.n.n.n h.h.h.h n.n.n.n

int vlan 90
 ip access-group hello in

New Member

Re: VLAN Security

Are you talking about putting an ACL on the int VLAN 99 on each of the 4507s?

I thought of that but felt that would only control traffic going to that particular int on either of the 2 4507s. It would not control traffic on any other interface.

I don't think the 4507 supports VACLs, and isn't that what you are speaking of?

Re: VLAN Security

First of all, a VACL filters traffic within the same VLAN, while your case is between two different VLANs.

You can achieve it as mentioned in the previous post, through an ACL applied to VLAN 99.

For example, let's say VLAN 99 is 10.99.1.0/24

and VLAN 2 is 10.2.1.0/24.

You want hosts in VLAN 99 to communicate with only two hosts, for example 10.2.1.1 and 10.2.1.2:

access-list 100 permit ip 10.99.1.0 0.0.0.255 host 10.2.1.1
access-list 100 permit ip 10.99.1.0 0.0.0.255 host 10.2.1.2

interface vlan 99
 ip access-group 100 in

By the way, those permitted hosts in VLAN 2 will only be able to communicate with hosts in VLAN 99, because this ACL will filter the return path for communication from 2 to 99 as well.

If helpful, rate.
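As an added example (not from any poster in this thread), the Python below parses ACL 100 exactly as written in the reply above and evaluates constructed flows against it: the wildcard-mask match, the implicit deny at the end of every IOS ACL, and the fact that an ACL applied "in" on interface vlan 99 is consulted only for packets entering the 4507 from VLAN 99, which is the direction question the original poster raised.

```python
import ipaddress

# ACL 100 exactly as given in the last reply; the flows tested against it are constructed.
ACL_100_LINES = [
    "access-list 100 permit ip 10.99.1.0 0.0.0.255 host 10.2.1.1",
    "access-list 100 permit ip 10.99.1.0 0.0.0.255 host 10.2.1.2",
]

def _parse_addr(tokens):
    """Consume one IOS address spec ('any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W').
    Returns (match_fn, remaining_tokens). In a wildcard mask a 1 bit means 'ignore'."""
    if tokens[0] == "any":
        return (lambda ip: True), tokens[1:]
    if tokens[0] == "host":
        target = int(ipaddress.IPv4Address(tokens[1]))
        return (lambda ip, t=target: ip == t), tokens[2:]
    base = int(ipaddress.IPv4Address(tokens[0]))
    care = ~int(ipaddress.IPv4Address(tokens[1])) & 0xFFFFFFFF  # bits that must match
    return (lambda ip, b=base, c=care: (ip & c) == (b & c)), tokens[2:]

def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines into (action, src_fn, dst_fn)."""
    entries = []
    for line in lines:
        tokens = line.split()
        if tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported ACE: {line}")
        src_fn, rest = _parse_addr(tokens[4:])
        dst_fn, _ = _parse_addr(rest)
        entries.append((tokens[2], src_fn, dst_fn))
    return entries

def evaluate(entries, src_ip, dst_ip):
    """First matching ACE wins; every IOS ACL ends with an implicit deny."""
    s, d = int(ipaddress.IPv4Address(src_ip)), int(ipaddress.IPv4Address(dst_ip))
    for action, src_fn, dst_fn in entries:
        if src_fn(s) and dst_fn(d):
            return action
    return "deny"

def svi99_inbound(entries, ingress_vlan, src_ip, dst_ip):
    """'ip access-group 100 in' on interface vlan 99 is consulted only for packets
    entering the 4507 from VLAN 99; a packet arriving from VLAN 2 and routed toward
    VLAN 99 is not seen by it (an 'out' ACL on vlan 99, or an 'in' ACL on vlan 2, would)."""
    if ingress_vlan != 99:
        return "not evaluated"
    return evaluate(entries, src_ip, dst_ip)
```

Run the constructed flows through `svi99_inbound` to see which leg of a conversation the ACL actually filters before relying on it for the VLAN 2 to VLAN 99 direction.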
