
Access list in switch

wonderpug
Level 1

I have two VLANs configured in our 4507 switch (IOS): VLAN 1 as the company VLAN and VLAN 2 as the vendor VLAN. I would like to configure access list(s) to accomplish the following rules:

VLAN 1 has full access to VLAN 2 (to the whole subnet or only a few IP addresses).

VLAN 2 has no access to VLAN 1 at all.

What is the best way to have this done? Any suggestion will be appreciated.

Happy Holiday!

2 Replies

Ganesh Hariharan
VIP Alumni

Hi,

Check out the link on how to configure and apply ACLs in switches:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swacl.html

Hope this resolves your query !!

Regards

Ganesh.H

Applying an ACL on a vlan interface will only have the ACL kick in if packets are L3 routed on the switch (hit the vlan SVI).

What you want is a VLAN ACL (VACL), explained here: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/vacl.html


Here is an example:

Router# show ip access-lists net_10
Extended IP access list net_10
    permit ip 10.0.0.0 0.255.255.255 any

Router# show ip access-lists any_host
Standard IP access list any_host
    permit any

This example shows how to define and apply a VLAN access map to forward IP packets. In this example, IP traffic matching net_10 is forwarded and all other IP packets are dropped due to the default drop action. The map is applied to VLAN 12 to 16.

Router(config)# vlan access-map thor 10
Router(config-access-map)# match ip address net_10
Router(config-access-map)# action forward 
Router(config-access-map)# exit 
Router(config)# vlan filter thor vlan-list 12-16 

I hope it helps.

PK
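
The access-map example in the reply above, worked through as an added illustration (not code from the thread or from Cisco): a simplified Python model of how the `thor` map and the `net_10` ACL decide a packet's fate. The function names and sample addresses are constructed for this example, and the model assumes first-match evaluation with an implicit deny at the end of the ACL and the default drop at the end of the map.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 1-bits are ignored, 0-bits must match the base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """First matching entry wins; the ACL ends with an implicit deny."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False

def vacl_action(access_map, acls, src, dst):
    """Walk map sequences in order; IP packets matching none are dropped."""
    for _seq, acl_name, action in sorted(access_map):
        if acl_permits(acls[acl_name], src, dst):
            return action
    return "drop"

ANY = ("0.0.0.0", "255.255.255.255")
# "permit ip 10.0.0.0 0.255.255.255 any" from the post
ACLS = {"net_10": [("permit", "10.0.0.0", "0.255.255.255", *ANY)]}
# "vlan access-map thor 10 / match ip address net_10 / action forward"
THOR = [(10, "net_10", "forward")]

# Constructed sample packets (source, destination); not from the thread.
PACKETS = [
    ("10.1.2.3", "172.16.5.9"),        # source inside 10.0.0.0/8
    ("172.16.5.9", "10.1.2.3"),        # the reply to the first packet
    ("192.168.2.20", "192.168.2.30"),  # traffic between two other hosts
]

def evaluate(packets):
    """Return the VACL decision for each (src, dst) pair."""
    return [vacl_action(THOR, ACLS, s, d) for s, d in packets]

if __name__ == "__main__":
    for (s, d), act in zip(PACKETS, evaluate(PACKETS)):
        print(f"{s:>15} -> {d:<15} {act}")
```

The second packet shows that the map is stateless: a reply whose source is outside 10.0.0.0/8 is dropped unless another entry permits it.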
