Cisco Support Community
Community Member

Access-list

On my 4507 I have a VLAN that I wish to isolate from all other traffic. The majority of my VLANs are 10.0.0.x, but this particular VLAN is 192.168.1.x.

Can anyone suggest an ACL that will block all traffic outside the 192.168.1.x range to this VLAN? I assume I will only apply the ACL to this particular VLAN with access-group in.

Thanks

3 REPLIES
Community Member

Re: Access-list

Will this work:

access-list DMZ permit any host 192.168.1.0 255.255.255.0

access-list DMZ deny any host 10.0.0.0 255.0.0.0

Or do I have to specify the protocols to allow/block?

Community Member

Re: Access-list

Is this better?

access-list 101 remark Deny any traffic outside 192.168.1.x

access-list 101 permit IP any 192.168.1.0 255.255.255.0

access-list 101 deny IP any 0.0.0.0 0.0.0.0

Silver

Re: Access-list

It depends on how you are applying the ACL (in or out). If you want to permit any to 192.168 then this is fine and it should be out. No need for the last line; it is deny by default.

HTH

Regds
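An added example (not part of the thread, and not Cisco code): IOS extended ACLs read the value after an address as a wildcard (inverse) mask, match entries top-down, and end with an implicit deny. This small Python model, with hypothetical helper names and constructed sample packets, evaluates the `access-list 101` permit entry as posted and again with the wildcard `0.0.0.255`.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # IOS wildcard mask: a 1 bit means "ignore this bit", a 0 bit means "must match".
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    # First matching entry wins; falling off the end is the implicit deny.
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny (implicit)"

ANY = ("0.0.0.0", "255.255.255.255")  # what the "any" keyword expands to

# Permit entry from the thread, with 255.255.255.0 read as a wildcard mask.
ACL_AS_POSTED = [("permit", ANY, ("192.168.1.0", "255.255.255.0"))]
# Same entry written with the wildcard (inverse) form of a /24 mask.
ACL_WILDCARD = [("permit", ANY, ("192.168.1.0", "0.0.0.255"))]

# Constructed sample packets as (source, destination).
PACKETS = [
    ("10.0.0.5", "192.168.1.20"),   # toward a host in the 192.168.1.x VLAN
    ("10.0.0.5", "10.0.0.0"),       # unrelated destination ending in .0
    ("192.168.1.20", "10.0.0.9"),   # from the VLAN toward a 10.0.0.x host
]

def run(acl):
    return [evaluate(acl, src, dst) for src, dst in PACKETS]

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("wildcard", ACL_WILDCARD)):
        for (src, dst), verdict in zip(PACKETS, run(acl)):
            print(f"{name:10} {src:>14} -> {dst:<14} {verdict}")
```

Read as a wildcard, `255.255.255.0` only checks that the last octet is 0, so the posted entry drops traffic to 192.168.1.20 and permits traffic to any address ending in .0.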
