New Member

Access list in switch

I have two Vlans configured in our 4507 switch (IOS). Vlan 1 as company vlan and Vlan 2 as vendor vlan. I would like to configure access list(s) to accomplish the following rules:

Vlan 1 has full access to Vlan 2 (to the whole subnet or only a few IP addresses).

Vlan 2 has no access to Vlan 1 at all.

What is the best way to have this done? Any suggestions will be appreciated.

Happy Holiday!


Re: Access list in switch

Hi,

Check out the link on how to configure and apply ACLs in switches

Hope this resolves your query!!



Cisco Employee

Re: Access list in switch

Applying an ACL on a vlan interface will only have the ACL kick in if packets are L3 routed on the switch (hit the vlan SVI).

What you want is a Vlan ACL (VACL) explained here

Here is an example:

Router# show ip access-lists net_10
Extended IP access list net_10
    permit ip any

Router# show ip access-lists any_host
Standard IP access list any_host
    permit any

This example shows how to define and apply a VLAN access map to forward IP packets. In this example, IP traffic matching net_10 is forwarded and all other IP packets are dropped due to the default drop action. The map is applied to VLANs 12 to 16.

Router(config)# vlan access-map thor 10
Router(config-access-map)# match ip address net_10
Router(config-access-map)# action forward 
Router(config-access-map)# exit 
Router(config)# vlan filter thor vlan-list 12-16 

I hope it helps.
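A model of how the access map in the reply above reaches its verdicts, as an added example that is not part of the original post or Cisco's own code: it walks the map entries in sequence order and applies the default drop to IP packets that match nothing. The contents of net_10 (source 10.0.0.0/8) and the sample packets are constructed, and the pass-through of non-IP frames is an assumption about the platform.

```python
import ipaddress
from dataclasses import dataclass

# Constructed stand-in for ACL net_10: the "show" output in the post is
# incomplete, so a source match on 10.0.0.0/8 is assumed for illustration.
ACLS = {"net_10": [("permit", ipaddress.ip_network("10.0.0.0/8"))]}

@dataclass
class MapEntry:
    seq: int
    acl: str
    action: str  # "forward" or "drop"

# Mirrors: vlan access-map thor 10 / match ip address net_10 / action forward
THOR = [MapEntry(10, "net_10", "forward")]
FILTERED_VLANS = set(range(12, 17))  # vlan filter thor vlan-list 12-16

def acl_permits(acl_name, src):
    """First match wins inside the ACL; an ACL ends with an implicit deny."""
    for verdict, net in ACLS[acl_name]:
        if ipaddress.ip_address(src) in net:
            return verdict == "permit"
    return False

def vacl_verdict(vlan, src, is_ip=True):
    """Return 'forward' or 'drop' for a frame seen in `vlan`."""
    if vlan not in FILTERED_VLANS:
        return "forward"  # the map is not applied to this VLAN
    if not is_ip:
        # Assumption: the map has only an IP match clause, so non-IP
        # frames are not subject to its default drop.
        return "forward"
    for entry in sorted(THOR, key=lambda e: e.seq):
        if acl_permits(entry.acl, src):
            return entry.action
    return "drop"  # default drop: IP packet matched no map entry

SAMPLES = [  # constructed (vlan, source address, is_ip)
    (12, "10.1.1.5", True),
    (12, "192.168.5.9", True),
    (20, "192.168.5.9", True),
    (16, "0.0.0.0", False),
]

if __name__ == "__main__":
    for vlan, src, is_ip in SAMPLES:
        kind = "ip" if is_ip else "non-ip"
        print(vlan, src, kind, "->", vacl_verdict(vlan, src, is_ip))
```

The verdict depends only on the VLAN and the match, not on whether the packet is routed, which is the difference from an ACL on the VLAN interface that the reply points out.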