We have a Cat 3550 with 2 VLANs configured and need to restrict access from VLAN 1 so that the stations in this VLAN cannot access anything outside that VLAN, but systems in VLAN 1 need to be administered from VLAN2.
To do this we have used a reflexive access list on the interface VLAN1....
 ip address 172.19.15.254 255.255.240.0
 ip access-group infilter in
 ip access-group outfilter out
ip access-list extended infilter
ip access-list extended outfilter
 permit ip any any log reflect admin
Without the access list applied you can ping from VLAN2 to VLAN1. With the access lists applied the ping fails. When running an analyser on the replying station, it gets a destination unreachable from the 3550. If you do a show ip access-list you can see the dynamic access list has been created.
If you do this with a 1750 router instead of a Cat 3550 it works OK.
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisements do.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the Internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.