10-06-2008 10:16 PM - edited 02-20-2020 09:41 PM
Hi, in my Catalyst 4503 switch, I want to block traffic from vlan2 to vlan3 but allow traffic from vlan3 to vlan2. Please tell me the commands.
10-07-2008 11:38 AM
How about an ACL? Let's assume vlan 2 is 192.168.2.0 /24 and vlan 3 is 192.168.3.0 /24.
ip access-list extended BLOCK-V2-V3
permit ip any any established
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip any any
Then apply it to the VLAN interface:
ip access-group BLOCK-V2-V3 out
Certainly double check my work before implementing.
Hope that helps.
10-07-2008 11:54 AM
One small correction. You can only use "tcp" with established keyword.
permit tcp any any established
You can then apply either way you like.
int vlan 2
ip access-group BLOCK-V2-V3 in
or
int vlan 3
ip access-group BLOCK-V2-V3 out
10-08-2008 09:36 PM
Hey Collin
Thank you for your reply. I tried to configure this command, but in the permit ip any any established command, the established is not working. Could you suggest what the issue is?
My current version
Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1)
10-09-2008 09:23 AM
See my previous post. You cannot use "ip" with the established command just as you cannot use it for "udp". It must be "tcp".
permit tcp any any established
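Added example (not part of any post in this thread): a small Python model of first-match ACL evaluation, run against BLOCK-V2-V3 with the tcp correction, to show which vlan 2 traffic the list lets through. The subnets are the ones assumed in the thread; the sample packets and all Python names are constructed for illustration, and the model assumes the ACL is applied inbound on interface vlan 2.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    flags: frozenset = frozenset()  # TCP flags that are set, e.g. {"SYN"}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")
V2 = ("192.168.2.0", "0.0.0.255")   # vlan 2 subnet assumed in the thread
V3 = ("192.168.3.0", "0.0.0.255")   # vlan 3 subnet assumed in the thread

# BLOCK-V2-V3 with the tcp correction: (action, protocol, source, destination, established)
BLOCK_V2_V3 = [
    ("permit", "tcp", ANY, ANY, True),
    ("deny",   "ip",  V2,  V3,  False),
    ("permit", "ip",  ANY, ANY, False),
]

def evaluate(acl, pkt):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto, src, dst, established in acl:
        if proto not in ("ip", pkt.proto):
            continue
        if not (wildcard_match(pkt.src, *src) and wildcard_match(pkt.dst, *dst)):
            continue
        # "established" is stateless: it only checks for the ACK or RST bit.
        if established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return action
    return "deny"

# Constructed sample packets, as seen inbound on interface vlan 2.
SAMPLES = {
    "v2 opens TCP to v3":       Packet("tcp", "192.168.2.10", "192.168.3.20", frozenset({"SYN"})),
    "v2 answers v3's TCP":      Packet("tcp", "192.168.2.10", "192.168.3.20", frozenset({"SYN", "ACK"})),
    "v2 UDP reply to v3":       Packet("udp", "192.168.2.10", "192.168.3.20"),
    "v2 ICMP echo-reply to v3": Packet("icmp", "192.168.2.10", "192.168.3.20"),
    "v2 opens TCP elsewhere":   Packet("tcp", "192.168.2.10", "10.0.0.5", frozenset({"SYN"})),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {evaluate(BLOCK_V2_V3, pkt)}")
```

Only TCP replies from vlan 2 pass the established entry; UDP and ICMP replies to sessions started from vlan 3 fall through to the deny, so those protocols need their own permit entries if vlan 3 relies on them.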