12-02-2003 11:25 PM - edited 03-02-2019 12:06 PM
I've got 3 routers connected together in a triangle.
  A
 / \
B _ C
Router A connects to B using a point-to-point connection but connects to C by VLAN, let's say VLAN 2.
Router B connects to C using a point-to-point connection.
Router A has many VLANs; they're all in different IP ranges.
Let's say VLAN 30 (the 10.0.0.0 network) on router A is very important. I don't want others to be able to contact this VLAN.
Can I not apply an ACL on this VLAN but apply it on another interface, like VLAN 2 of router A, and say ...
router A#
interface VLAN 2
ip access-group test in
interface VLAN 30
<<no ACL applied>>
ip access-list extended test
deny ip any 10.0.0.0 0.255.255.255
I think we cannot do that. We need to apply it on VLAN 30 because the range is fixed on the VLAN ...
Can anyone confirm my thought?
Thanks,
12-03-2003 02:30 AM
If you modify the ACL to allow all other traffic (otherwise the implicit deny will block all traffic), I see no reason why it shouldn't work.
ip access-list extended test
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
Depending on what you want exactly, you may also have to apply the same ACL on the point-to-point interfaces of router A.
I'm just curious why you would want to do this, since it seems so much easier to just put an ACL on interface vlan30?
hth
Herbert
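The two points in the reply above (the implicit deny, and the ACL filtering only on the interface it is bound to) can be checked with a small first-match ACL evaluator. This is an added example, not code from either poster; the interface name "p2p-to-B" and the sample addresses in the usage note are assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_acl(text):
    """Parse 'deny|permit ip <src> <dst>'; each side is 'any' or 'base wildcard'."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        action, rest = tok[0], tok[2:]  # tok[1] is the protocol keyword 'ip'
        specs = []
        while rest:
            if rest[0] == "any":
                specs.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            else:
                specs.append((rest[0], rest[1]))
                rest = rest[2:]
        rules.append((action, specs[0], specs[1]))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in rules:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"

def inbound(interfaces, ifname, src, dst):
    """An interface with no access-group bound forwards every packet."""
    acl = interfaces.get(ifname)
    return "permit" if acl is None else evaluate(acl, src, dst)

# ACL 'test' as first posted, and with the permit line from the reply.
ORIGINAL = parse_acl("deny ip any 10.0.0.0 0.255.255.255")
FIXED = parse_acl("""
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
""")

# Router A inbound bindings. "p2p-to-B" is a made-up name for the A-B link,
# which has no ACL in the configuration described in the thread.
ROUTER_A = {"Vlan2": FIXED, "p2p-to-B": None}
```

With constructed addresses, `inbound(ROUTER_A, "Vlan2", "192.168.3.7", "10.1.2.3")` returns `"deny"`, while the same packet arriving on `"p2p-to-B"` returns `"permit"`, which is the gap the reply points at.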
12-03-2003 06:19 PM
Because it's the present configuration that I've found ... the 'test' ACL is applied on VLAN 2, but never applied on the point-to-point interface.
I'm practising "troubleshooting" (^ ^bb)
Thank you so much for your help~