Cisco Support Community

New Member

Access-list problem

I need to restrict the access of a VLAN so only certain IPs can access machines in that VLAN, but at the same time I want this VLAN to talk to the whole world. I have used the following access-list scenario, and it works in the sense that only IPs specified in the access-list are able to talk to this VLAN, but at the same time machines in this VLAN don't talk to anything else, even what is specified in the access-list (my traceroute and ping fail).

access-list 132 permit tcp any any established

access-list 132 permit ip 10.1.21.0 0.0.0.255 10.12.244.0 0.0.1.255

access-list 132 permit ip 10.1.22.0 0.0.0.255 10.12.244.0 0.0.1.255

access-list 132 permit ip 10.0.0.0 0.0.255.255 10.12.244.0 0.0.1.255

access-list 132 permit ip 10.5.80.0 0.0.7.255 10.12.244.0 0.0.1.255

access-list 132 permit icmp any 10.12.244.0 0.0.1.255 echo-reply

Interface vlan xxx

ip access-group 132 out
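As an added illustration (not part of the original post and not Cisco code), the sketch below models access-list 132 as posted, using first-match evaluation with the implicit deny at the end, and runs it against packets being forwarded out of the SVI toward a VLAN host. The sample packets, the 203.0.113.x addresses and the helper names are constructed assumptions; the model covers only this list, not routing or any other filter on the device.

```python
import ipaddress

def _ip(a):
    return int(ipaddress.IPv4Address(a))

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", so compare only the 0 bits.
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
VLAN = ("10.12.244.0", "0.0.1.255")  # covers 10.12.244.0 through 10.12.245.255

# access-list 132 as posted: (protocol, source, destination, qualifier)
ACL_132 = [
    ("tcp", ANY, ANY, "established"),
    ("ip", ("10.1.21.0", "0.0.0.255"), VLAN, None),
    ("ip", ("10.1.22.0", "0.0.0.255"), VLAN, None),
    ("ip", ("10.0.0.0", "0.0.255.255"), VLAN, None),
    ("ip", ("10.5.80.0", "0.0.7.255"), VLAN, None),
    ("icmp", ANY, VLAN, "echo-reply"),
]

def evaluate(acl, pkt):
    """Return the 1-based number of the first matching permit, or 0 for implicit deny."""
    for n, (proto, src, dst, qual) in enumerate(acl, 1):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if not (wc_match(pkt["src"], *src) and wc_match(pkt["dst"], *dst)):
            continue
        # "established" matches TCP segments with ACK or RST set.
        if qual == "established" and not ({"ack", "rst"} & pkt.get("flags", set())):
            continue
        if qual == "echo-reply" and pkt.get("icmp") != "echo-reply":
            continue
        return n
    return 0

# Constructed packets (not captured traffic), all destined to VLAN host 10.12.244.20.
def pkt(proto, src, **kw):
    return dict(proto=proto, src=src, dst="10.12.244.20", **kw)

SAMPLES = [
    ("TCP SYN-ACK reply, unlisted src", pkt("tcp", "203.0.113.10", flags={"syn", "ack"})),
    ("TCP SYN, unlisted src", pkt("tcp", "203.0.113.10", flags={"syn"})),
    ("TCP SYN, listed src 10.1.21.5", pkt("tcp", "10.1.21.5", flags={"syn"})),
    ("UDP reply, unlisted src", pkt("udp", "203.0.113.53")),
    ("ICMP echo-reply, unlisted src", pkt("icmp", "203.0.113.10", icmp="echo-reply")),
    ("ICMP time-exceeded, unlisted src", pkt("icmp", "203.0.113.1", icmp="time-exceeded")),
]

if __name__ == "__main__":
    for label, p in SAMPLES:
        n = evaluate(ACL_132, p)
        print(f"{label:34} -> {'permit, line %d' % n if n else 'implicit deny'}")
```

Under this model, return traffic from sources outside the listed networks reaches the VLAN only as TCP segments with ACK or RST set or as ICMP echo-reply; UDP replies and ICMP time-exceeded messages from those sources fall through to the implicit deny.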

6 REPLIES
New Member

Re: Access-list problem

I would suggest that you apply ACLs to the incoming interfaces of each subnet.

BR

Daniel

New Member

Re: Access-list problem

Dan

That is not possible because subnets 10.1.21 or 10.1.22 or 10.0.0.0/16 are not local to 10.12.244.x.

New Member

Re: Access-list problem

Try to add the line

access-list 132 permit ip 10.12.244.0 0.0.1.255 any

to your ACL

BR

Daniel

New Member

Re: Access-list problem

Perhaps you can put deny statements at the top of your ACL if you know which networks you need to block.
