
New Member

ACL for Permitting only UDP port to Internet

Hi

I am configuring a 3560 switch which has 3 VLANs, i.e.

vlan 223 - server - 10.4.223.0 /24 - 10.4.223.1

vlan 224 - user - 10.4.224.0 /24 - 10.4.224.1

vlan 225 - internet - 10.4.225.0 /24 - 10.4.225.2

10.4.225.1 is the gateway for the ISP from the switch, which I am using as the next hop on the switch.

VLAN 225 is where the ISP is connected for internet. I want to allow only UDP for 10.4.223.2; the rest of the IPs should not go to the internet, but VLAN 224 and VLAN 225 should access VLAN 223.

I am writing the access list but it's not working:

ip access-list extended Subnet_Vlan223

permit udp any 10.4.223.1 0.0.0.255 eq 53

deny ip host 10.4.225.1 10.4.224.3 0.0.0.252 - I want hosts 10.4.224.3-254 to be blocked from communicating with 10.4.225.1

permit ip any any

interface Vlan223

ip access-group Subnet_Vlan223 in

regards

saurav

1 ACCEPTED SOLUTION

Accepted Solutions

Re: ACL for Permitting only UDP port to Internet

The first IP should be the source and the second destination. Since this is an inbound access-list, your ACL looks backwards.

The deny statement may need to be written as two lines: allow .2 to access .1, deny the whole Class C network from getting to .1
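To make the two points of the accepted answer concrete (source address first on an inbound list, and a host permit followed by a subnet-wide deny), here is an added Python model of IOS extended-ACL matching; it is an example written for this page, not configuration from the thread. The two ACLs in it are an assumed rewrite of the poster's list: ACL_VLAN223_IN is assumed to be applied inbound on interface Vlan223 (so the source is a 10.4.223.x host), ACL_VLAN224_IN is assumed to be applied inbound on interface Vlan224 (source 10.4.224.x), the extra permits toward the 224 and 225 subnets are an assumption drawn from "vlan 224 and vlan 225 should access vlan 223", and 198.51.100.10 is a documentation address standing in for any internet host.

```python
"""Model of Cisco IOS extended-ACL matching: first matching line wins, and every ACL
ends with an implicit 'deny ip any any'. Added example; the ACLs below are an assumed
rewrite of the poster's list following the accepted answer, not text from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AclEntry:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" (matches any protocol), "udp" or "tcp"
    src: str                         # "any", "host A.B.C.D" or "A.B.C.D W.W.W.W" (address + wildcard)
    dst: str
    dst_port: Optional[int] = None   # "eq N" on the destination port, if present


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def address_matches(spec: str, addr: str) -> bool:
    """Cisco wildcard semantics: a wildcard bit of 1 means 'ignore', 0 means 'must match'."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return _ip(parts[1]) == _ip(addr)
    base, wildcard = _ip(parts[0]), _ip(parts[1])
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)


def evaluate(acl, proto, src, dst, dst_port=None):
    """Return 'permit' or 'deny' for one packet described by its header fields."""
    for entry in acl:
        if entry.proto != "ip" and entry.proto != proto:
            continue
        if entry.dst_port is not None and entry.dst_port != dst_port:
            continue
        if address_matches(entry.src, src) and address_matches(entry.dst, dst):
            return entry.action
    return "deny"   # the invisible trailing 'deny ip any any'


def hosts_selected(base: str, wildcard: str, subnet: str = "10.4.224.0/24"):
    """List the hosts in `subnet` that a 'base wildcard' pair actually selects."""
    spec = f"{base} {wildcard}"
    return [str(h) for h in ipaddress.ip_network(subnet).hosts() if address_matches(spec, str(h))]


# Assumed: applied 'in' on interface Vlan223, so the SOURCE is a server-VLAN host.
# Only 10.4.223.2 may send UDP/53 outward; the server VLAN may still answer the user
# and internet VLANs; everything else from the server VLAN is dropped.
ACL_VLAN223_IN = [
    AclEntry("permit", "udp", "host 10.4.223.2", "any", 53),
    AclEntry("permit", "ip", "10.4.223.0 0.0.0.255", "10.4.224.0 0.0.0.255"),
    AclEntry("permit", "ip", "10.4.223.0 0.0.0.255", "10.4.225.0 0.0.0.255"),
    AclEntry("deny", "ip", "any", "any"),
]

# Assumed: applied 'in' on interface Vlan224 (SOURCE is a user-VLAN host), written the way
# the answer suggests: permit the one host to .1 first, then deny the whole /24 to .1.
ACL_VLAN224_IN = [
    AclEntry("permit", "ip", "host 10.4.224.2", "host 10.4.225.1"),
    AclEntry("deny", "ip", "10.4.224.0 0.0.0.255", "host 10.4.225.1"),
    AclEntry("permit", "ip", "any", "any"),
]


if __name__ == "__main__":
    print(evaluate(ACL_VLAN223_IN, "udp", "10.4.223.2", "198.51.100.10", 53))   # permit
    print(evaluate(ACL_VLAN223_IN, "udp", "10.4.223.5", "198.51.100.10", 53))   # deny
    print(evaluate(ACL_VLAN223_IN, "tcp", "10.4.223.5", "10.4.224.50", 445))    # permit (reply to user VLAN)
    print(evaluate(ACL_VLAN224_IN, "tcp", "10.4.224.2", "10.4.225.1", 22))      # permit
    print(evaluate(ACL_VLAN224_IN, "tcp", "10.4.224.7", "10.4.225.1", 22))      # deny
    # The poster's '10.4.224.3 0.0.0.252' pair selects every fourth host (.3, .7, .11, ...),
    # 63 addresses in the /24, not the contiguous range .3-.254 the comment asked for.
    print(len(hosts_selected("10.4.224.3", "0.0.0.252")))
```

The last line is the reason the answer's two-line form is the right shape: a wildcard mask selects a bit pattern, not a range, so "all hosts except .2" cannot be expressed in one line; it has to be a host permit for .2 followed by a deny covering the whole subnet.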

2 REPLIES

New Member

Re: ACL for Permitting only UDP port to Internet

Hi Den

Thanks for your great help.

Regards

Saurav
