Cisco Support Community
New Member

ACL on different VLAN

I've got 3 routers connected together in a triangle.

  A
 / \
B _ C

Router A connects to B using a point-to-point connection but connects to C by VLAN, let's say VLAN 2.

Router B connects to C using a point-to-point connection.

Router A has many VLANs; they're all in different IP ranges.

Let's say VLAN 30 (10.0.0.0 network) on router A is very important. I don't want others to be able to contact this VLAN.

Can I not apply an ACL on this VLAN, but apply one on another interface like VLAN 2 of router A, and say ...

router A#

interface VLAN 2
 ip access-group test in

interface VLAN 30
 <<no any ACL apply>>

ip access-list extended test
 deny ip any 10.0.0.0 0.255.255.255

I think we cannot do that. We need to apply it on VLAN 30 because the range is fixed on the VLAN ...

Can anyone confirm my thought?

Thanks,

2 REPLIES
Bronze

Re: ACL on different VLAN

If you modify the acl to allow all other traffic (otherwise the implicit deny will block all traffic) I see no reason why it shouldn't work?

ip access-list extended test
 deny ip any 10.0.0.0 0.255.255.255
 permit ip any any

Depending on what you want exactly, you may have to apply the same acl also on the point-to-point interfaces of router A.

I'm just curious why you would want to do this, since it seems so much easier to just put an ACL on interface vlan30?

hth

Herbert

New Member

Re: ACL on different VLAN

Because it's the present configuration that I've found ... the 'test' ACL is applied on VLAN 2, but was never applied on the point-to-point interface.

I'm practising "troubleshooting" (^ ^bb)

thank you so much for your help~
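The coverage question discussed in this thread, as an added example that is not part of any post: a small Python model of router A's inbound ACL check, showing which ingress interfaces still forward traffic to 10.0.0.0/8 for each placement of the 'test' ACL. The interface name "p2p-B", the sample destination addresses, and the assumption that routing can deliver traffic for VLAN 30 over the link from B are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(dst, base, wildcard):
            return action == "permit"
    return False

# Source is 'any' in every entry of the thread's ACL, so only the
# destination is modelled here.
ANY = ("0.0.0.0", "255.255.255.255")
ACL_ORIGINAL = [("deny", "10.0.0.0", "0.255.255.255")]   # first post
ACL_REPLY = ACL_ORIGINAL + [("permit", *ANY)]            # first reply

def forwarded(inbound_acls, ingress, dst):
    """A packet is checked only against the ACL bound inbound on its ingress interface."""
    acl = inbound_acls.get(ingress)
    return True if acl is None else acl_permits(acl, dst)

# Constructed sample destinations: one host in VLAN 30, one in another VLAN.
VLAN30_HOST = "10.1.2.3"
OTHER_HOST = "192.168.5.5"
INTERFACES = ["Vlan2", "p2p-B"]   # "p2p-B" is a hypothetical name for the link to B

def exposure(inbound_acls):
    """Map (ingress, destination) -> forwarded? for every modelled path."""
    return {(i, d): forwarded(inbound_acls, i, d)
            for i in INTERFACES for d in (VLAN30_HOST, OTHER_HOST)}

if __name__ == "__main__":
    cases = {
        "original ACL on Vlan2 only": {"Vlan2": ACL_ORIGINAL},
        "reply ACL on Vlan2 only": {"Vlan2": ACL_REPLY},
        "reply ACL on Vlan2 and p2p-B": {"Vlan2": ACL_REPLY, "p2p-B": ACL_REPLY},
    }
    for name, bindings in cases.items():
        print(name)
        for (iface, dst), ok in exposure(bindings).items():
            print(f"  in {iface:6} -> {dst:12} {'forwarded' if ok else 'dropped'}")
```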
