02-08-2009 11:20 AM - edited 02-20-2020 09:41 PM
Hi
I am configuring a 3560 switch that has 3 VLANs, i.e.
vlan 223 - server - 10.4.223.0 /24 - 10.4.223.1
vlan 224 - user - 10.4.224.0 /24 - 10.4.224.1
vlan 225 - internet - 10.4.225.0 /24 - 10.4.225.2
10.4.225.1 is the gw for the ISP from the switch, which I am using as a next hop on the switch.
vlan 225 is the one in which an ISP is connected for internet; I want to allow only udp for 10.4.223.2. The rest of the IPs should not go to the internet, but vlan 224 and vlan 225 should access vlan 223.
I am writing the access list but it's not working:
ip access-list extended Subnet_Vlan223
permit udp any 10.4.223.1 0.0.0.255 eq 53
deny ip host 10.4.225.1 10.4.224.3 0.0.0.252
! I want hosts 10.4.224.3-254 to be blocked from communicating with 10.4.225.1
permit ip any any
interface Vlan223
ip access-group Subnet_Vlan223 in
regards
saurav
02-08-2009 09:52 PM
The first IP should be the source and the second the destination. Since this is an inbound access-list, your ACL looks backwards.
The deny statement may need to be written as two lines: allow .2 to access .1, deny the whole Class C network from getting to .1
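The following is an added example, not part of the original thread: a small Python model of IOS first-match and wildcard-mask evaluation, run over the ACL as posted and over a source-first version. The `REORDERED` entries are an assumed reading of the reply (".2" taken as 10.4.223.2, ".1" as 10.4.225.1, "Class C network" as 10.4.223.0/24), and all function names are hypothetical.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, base, wildcard):
    # IOS wildcard mask: a 1 bit means "ignore this bit", a 0 bit must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")

def host(a):
    return (a, "0.0.0.0")

# (action, protocol, source, destination, destination port or None)
POSTED = [  # Subnet_Vlan223 exactly as written in the question
    ("permit", "udp", ANY, ("10.4.223.1", "0.0.0.255"), 53),
    ("deny", "ip", host("10.4.225.1"), ("10.4.224.3", "0.0.0.252"), None),
    ("permit", "ip", ANY, ANY, None),
]
REORDERED = [  # assumption: source first, as the reply suggests
    ("permit", "udp", host("10.4.223.2"), host("10.4.225.1"), None),
    ("deny", "ip", ("10.4.223.0", "0.0.0.255"), host("10.4.225.1"), None),
    ("permit", "ip", ANY, ANY, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, 1-based entry number) of the first matching entry."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if p not in ("ip", proto):
            continue  # a udp entry only matches udp; an ip entry matches all
        if port is not None and port != dport:
            continue
        if matches(src, *s) and matches(dst, *d):
            return action, n
    return "deny", 0  # implicit deny at the end of every ACL

def wildcard_hosts(base, wildcard, net="10.4.224."):
    """Last octets inside net that the base/wildcard pair matches."""
    return [h for h in range(256) if matches(f"{net}{h}", base, wildcard)]
```

With the posted ACL applied inbound on Vlan223, every packet sourced from 10.4.223.0/24 toward 10.4.225.1 falls through to entry 3, and `10.4.224.3 0.0.0.252` matches every fourth address (.3, .7, .11, ...) instead of the range .3 to .254.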
03-12-2009 12:43 PM
Hi Den
Thanks for your great help.
Regards
Saurav