ACL for Permittin only UDP port to Internet

sauravcgc
Level 1

Hi

I am configuring a 3560 switch that has 3 VLANs, i.e.

vlan 223 - server - 10.4.223.0 /24 - 10.4.223.1

vlan 224 - user - 10.4.224.0 /24 - 10.4.224.1

vlan 225 - internet - 10.4.225.0 /24 - 10.4.225.2

10.4.225.1 is the ISP gateway, which I am using as the next hop on the switch.

VLAN 225 is where the ISP is connected for Internet. I want to allow only UDP for 10.4.223.2; the rest of the IPs should not go to the Internet, but VLAN 224 and VLAN 225 should access VLAN 223.

I am writing the access list, but it's not working:

ip access-list extended Subnet_Vlan223
 permit udp any 10.4.223.1 0.0.0.255 eq 53
 deny ip host 10.4.225.1 10.4.224.3 0.0.0.252 - I want hosts 10.4.224.3-254 to be blocked from communicating with 10.4.225.1
 permit ip any any

interface Vlan223
 ip access-group Subnet_Vlan223 in

regards

saurav

1 Accepted Solution

Accepted Solutions

Daniel Laden
Level 4

The first IP should be the source and the second the destination. Since this is an inbound access-list, your ACL looks backwards.

The deny statement may need to be written as two lines: allow .2 to access .1, and deny the whole Class C network from getting to .1.

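Daniel's source-then-destination rule applied to the original ACL, as an added example that is not from the thread. It assumes the ACL stays inbound on interface Vlan223 (so every matched packet is sourced from 10.4.223.0/24), that 10.4.223.2 is the only host allowed out, and that the two other subnets must still reach the servers; the final deny covers any destination, not just 10.4.225.1, because an ACL matches the packet's destination address and Internet-bound packets carry the remote host's address, not the gateway's.

```cisco
! Added example (not from the thread). Inbound on Vlan223, so the
! source of every packet is a 10.4.223.x host; write source first,
! destination second.
ip access-list extended Subnet_Vlan223
 remark --- the one host allowed toward the Internet, UDP only ---
 permit udp host 10.4.223.2 any
 remark --- the rest of the /24 may not reach the ISP gateway itself ---
 deny   ip 10.4.223.0 0.0.0.255 host 10.4.225.1
 remark --- server replies to the user VLAN and to VLAN 225 stay local ---
 permit ip 10.4.223.0 0.0.0.255 10.4.224.0 0.0.0.255
 permit ip 10.4.223.0 0.0.0.255 10.4.225.0 0.0.0.255
 remark --- anything else (Internet-bound, any destination) is dropped;
 remark --- this is the implicit deny made explicit so hits are counted
 deny   ip 10.4.223.0 0.0.0.255 any log
!
interface Vlan223
 ip access-group Subnet_Vlan223 in
!
! Check which line each flow hits while testing:
! show ip access-lists Subnet_Vlan223
```

The order matters: the deny to host 10.4.225.1 sits above the permit to 10.4.225.0/24, so the gateway is excluded while the rest of VLAN 225 remains reachable.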

2 Replies


Hi Den

Thanks for your great help.

Regards

Saurav
