05-17-2006 12:56 AM - edited 03-03-2019 03:14 AM
hi
i have the following configuration:
!
interface FastEthernet0/1
description **** connected to Timsoret Line-code yy-yyyyy 1 Giga ***
no ip address
duplex full
speed 100
!
interface FastEthernet0/1.2007
description ***** Connect To MASTER_SHUKEI_ON *****
encapsulation dot1Q 2007
ip address 172.21.2.46 255.255.255.248
!
interface FastEthernet0/1.2008
description ***** Connect To TRAST *****
encapsulation dot1Q 2008
ip address 172.21.2.54 255.255.255.248
!
interface FastEthernet0/1.2009
description ***** Connect To TRAST *****
encapsulation dot1Q 2009
ip address 172.21.2.62 255.255.255.248
!
interface FastEthernet0/1.2010
description ***** Connect To TRAST *****
encapsulation dot1Q 2010
ip address 172.21.2.707 255.255.255.248
!
and i want to config a access deny between the vlans, that the user can't come in to anather vlans that don't belong to them
thanks
05-17-2006 03:28 AM
Don't quite understand what you are asking you don't want anyone going between vlans ??? If so turn off routing ....
05-17-2006 04:34 AM
i mean that user in vlan 2007 will not access to anther vlans and user in vlan 2008 will not access to anther vlans and etc.
05-17-2006 04:47 AM
HI
Configure access-list
access-list 10 deny u r vlan2007 range
access-list 10 permit any
int f0/0.2007
access-group 10 in
same for vlan 2008
Thanks
Mahmood
05-17-2006 06:05 AM
Hi,
inplace of vlan2007 range you should do like below.
access-list 10 deny vlan2008 & vlan2009 & vlan2010
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide