Cisco Support Community
New Member

who can help me with this ACL problem

hi experts,

I have a layer 3 switch and I am trying to accomplish this task: there are two VLANs, say VLAN 10 and VLAN 20. I want PCs in VLAN 10 to be able to ping VLAN 20, but PCs in VLAN 20 must not be able to ping PCs in VLAN 10. Can anyone give me some advice?

thank you!

6 REPLIES

Re: who can help me with this ACL problem

hi

Check for firewalls on the client PCs and also for ACLs under the VLANs.

If possible, do post the config here.

regds

New Member

Re: who can help me with this ACL problem

Thank you for replying.

I am afraid you do not understand what I mean, or maybe I did not express myself clearly. What I want is that PCs in VLAN 10 can ping PCs in VLAN 20 but PCs in VLAN 20 cannot ping PCs in VLAN 10, just a kind of one-direction communication.

New Member

Re: who can help me with this ACL problem

Create an extended incoming access-list on interface vlan 20 with the following entries:

permit icmp any any echo-reply

deny ip any any

New Member

Re: who can help me with this ACL problem

sorry, I meant outgoing access-list: for example

interface vlan 20

ip address

ip access-group out

New Member

Re: who can help me with this ACL problem

How about TCP connections?

Can PCs in VLAN 20 open TCP/UDP connections to PCs in VLAN 10?

Hall of Fame Super Bronze

Re: who can help me with this ACL problem

ip access-list extended Vlan20_IN

deny icmp [vlan20 subnet] any echo

permit ip any any

interface vlan 10

ip access-group Vlan20_IN
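
The placements proposed in the replies above can be checked with a small first-match ACL model. This is an added example, not part of the thread or any poster's configuration; the subnets, host addresses and helper names are constructed, and the last reply's ACL is assumed to be applied inbound on interface vlan 20 because its `ip access-group` line gives no direction.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (the thread gives no subnets).
VLAN = {10: ip_network("10.0.10.0/24"), 20: ip_network("10.0.20.0/24")}
ANY = ip_network("0.0.0.0/0")

# ACL entry: (action, protocol, source net, destination net, ICMP type or None)
REPLY_ONLY = [("permit", "icmp", ANY, ANY, "echo-reply"),
              ("deny", "ip", ANY, ANY, None)]
NO_ECHO_FROM_20 = [("deny", "icmp", VLAN[20], ANY, "echo"),
                   ("permit", "ip", ANY, ANY, None)]

def acl_permits(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    proto, src, dst, icmp_type = pkt
    for action, a_proto, a_src, a_dst, a_type in acl:
        if (a_proto in ("ip", proto) and ip_address(src) in a_src
                and ip_address(dst) in a_dst and a_type in (None, icmp_type)):
            return action == "permit"
    return False

def vlan_of(addr):
    return next(v for v, net in VLAN.items() if ip_address(addr) in net)

def routed(bindings, pkt):
    """A routed packet crosses the ingress SVI 'in' ACL and the egress SVI 'out' ACL."""
    hops = [(vlan_of(pkt[1]), "in"), (vlan_of(pkt[2]), "out")]
    return all(acl_permits(bindings[h], pkt) for h in hops if h in bindings)

def ping(bindings, src, dst):
    """Stateless ACLs: the echo and the echo-reply are checked separately."""
    return (routed(bindings, ("icmp", src, dst, "echo"))
            and routed(bindings, ("icmp", dst, src, "echo-reply")))

PC10, PC20 = "10.0.10.5", "10.0.20.5"  # constructed hosts
def results(bindings):
    return {"10->20 ping": ping(bindings, PC10, PC20),
            "20->10 ping": ping(bindings, PC20, PC10),
            "20->10 first tcp packet": routed(bindings, ("tcp", PC20, PC10, None))}

if __name__ == "__main__":
    # Direction of the last ACL is an assumption; the post does not state it.
    for label, b in [("reply-only ACL, vlan 20 in", {(20, "in"): REPLY_ONLY}),
                     ("reply-only ACL, vlan 20 out", {(20, "out"): REPLY_ONLY}),
                     ("deny-echo ACL, vlan 20 in", {(20, "in"): NO_ECHO_FROM_20})]:
        print(label, results(b))
```

Because these ACLs are stateless, the reply-only ACL applied inbound on VLAN 20 also drops every non-ICMP packet VLAN 20 sends, including return traffic for TCP sessions opened from VLAN 10.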
