Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Access list in switch

I have two Vlans configured in our 4507 switch (IOS). Vlan 1 as company vlan and Vlan 2 as vendor vlan. I would like to configure access list(s) to accompolish the following rules:

Vlan 1 have full access to Vlan 2 (to the whole subnet or only few IP addresses).

Vlan 2 have no access to Vlan 1 at all.

What are the best way to have this done? Any suggestion will be appreciated.

Happy Holiday!

Everyone's tags (5)
2 REPLIES

Re: Access list in switch

Hi ,

Check out the link how to configure and apply ACL in switches

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html

Hope this resolves your query !!

Regards

Ganesh.H

Cisco Employee

Re: Access list in switch

Applying an ACL on a vlan interface will only have the ACL kick in if packets are L3 routed on the switch (hit the vlan SVI).

What you want is a Vlan ACL (VACL) explained here http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/vacl.html


Here is an example:

Router# show ip access-lists net_10
Extended IP access list net_10
    permit ip 10.0.0.0 0.255.255.255 any

Router# show ip access-lists any_host
Standard IP access list any_host
    permit any

This example shows how to define and apply a VLAN access map to forward IP packets. In this example, IP traffic matching net_10 is forwarded and all other IP packets are dropped due to the default drop action. The map is applied to VLAN 12 to 16.

Router(config)# vlan access-map thor 10
Router(config-access-map)# match ip address net_10
Router(config-access-map)# action forward 
Router(config-access-map)# exit 
Router(config)# vlan filter thor vlan-list 12-16 

I hope it helps.

PK

14087
Views
0
Helpful
2
Replies