Re: access-list configuration

amenash123 · ‎05-17-2006

hi

i have the following configuration:

!

interface FastEthernet0/1

description **** connected to Timsoret Line-code yy-yyyyy 1 Giga ***

no ip address

duplex full

speed 100

!

interface FastEthernet0/1.2007

description ***** Connect To MASTER_SHUKEI_ON *****

encapsulation dot1Q 2007

ip address 172.21.2.46 255.255.255.248

!

interface FastEthernet0/1.2008

description ***** Connect To TRAST *****

encapsulation dot1Q 2008

ip address 172.21.2.54 255.255.255.248

!

interface FastEthernet0/1.2009

description ***** Connect To TRAST *****

encapsulation dot1Q 2009

ip address 172.21.2.62 255.255.255.248

!

interface FastEthernet0/1.2010

description ***** Connect To TRAST *****

encapsulation dot1Q 2010

ip address 172.21.2.707 255.255.255.248

!

and i want to config a access deny between the vlans, that the user can't come in to anather vlans that don't belong to them

thanks

glen.grant · ‎05-17-2006

Don't quite understand what you are asking you don't want anyone going between vlans ??? If so turn off routing ....

amenash123 · ‎05-17-2006

i mean that user in vlan 2007 will not access to anther vlans and user in vlan 2008 will not access to anther vlans and etc.

mahmoodmkl · ‎05-17-2006

HI

Configure access-list

access-list 10 deny u r vlan2007 range

access-list 10 permit any

int f0/0.2007

access-group 10 in

same for vlan 2008

Thanks

Mahmood

kamlesh.sharma · ‎05-17-2006

Hi,

inplace of vlan2007 range you should do like below.

access-list 10 deny vlan2008 & vlan2009 & vlan2010

HTH