Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

access-list configuration

hi

i have the following configuration:

!

interface FastEthernet0/1

description **** connected to Timsoret Line-code yy-yyyyy 1 Giga ***

no ip address

duplex full

speed 100

!

interface FastEthernet0/1.2007

description ***** Connect To MASTER_SHUKEI_ON *****

encapsulation dot1Q 2007

ip address 172.21.2.46 255.255.255.248

!

interface FastEthernet0/1.2008

description ***** Connect To TRAST *****

encapsulation dot1Q 2008

ip address 172.21.2.54 255.255.255.248

!

interface FastEthernet0/1.2009

description ***** Connect To TRAST *****

encapsulation dot1Q 2009

ip address 172.21.2.62 255.255.255.248

!

interface FastEthernet0/1.2010

description ***** Connect To TRAST *****

encapsulation dot1Q 2010

ip address 172.21.2.707 255.255.255.248

!

and i want to config a access deny between the vlans, that the user can't come in to anather vlans that don't belong to them

thanks

4 REPLIES
Purple

Re: access-list configuration

Don't quite understand what you are asking you don't want anyone going between vlans ??? If so turn off routing ....

New Member

Re: access-list configuration

i mean that user in vlan 2007 will not access to anther vlans and user in vlan 2008 will not access to anther vlans and etc.

Re: access-list configuration

HI

Configure access-list

access-list 10 deny u r vlan2007 range

access-list 10 permit any

int f0/0.2007

access-group 10 in

same for vlan 2008

Thanks

Mahmood

New Member

Re: access-list configuration

Hi,

inplace of vlan2007 range you should do like below.

access-list 10 deny vlan2008 & vlan2009 & vlan2010

HTH

115
Views
0
Helpful
4
Replies
CreatePlease login to create content