VLAN access list

mahendran.a
Level 1

Hi, in my Catalyst 4503 switch I want to block traffic from VLAN 2 to VLAN 3, but allow traffic from VLAN 3 to VLAN 2. Please tell me the commands.

4 Replies

Collin Clark
VIP Alumni

How about an ACL? Let's assume vlan 2 is 192.168.2.0 /24 and vlan 3 is 192.168.3.0 /24.

ip access-list extended BLOCK-V2-V3
permit ip any any established
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip any any

Then apply it to the VLAN interface-

ip access-group BLOCK-V2-V3 out

Certainly double check my work before implementing.

Hope that helps.

One small correction. You can only use "tcp" with the established keyword.

permit tcp any any established

You can then apply either way you like.

int vlan 2
ip access-group BLOCK-V2-V3 in

or

int vlan 3
ip access-group BLOCK-V2-V3 out

Hey Collin

Thank you for your reply. I tried to configure this command, but in the permit ip any any established command, the established keyword is not working. Could you suggest what the issue is?

My current version

Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1)

See my previous post. You cannot use "ip" with the established command just as you cannot use it for "udp". It must be "tcp".

permit tcp any any established
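To see why the corrected ACL works and where it stops short, here is a small evaluator for the entries in this thread. It is an added example written for this page, not code from the thread or from Cisco: it parses the three `permit`/`deny` lines the way `ip access-list extended` would, refuses `established` on anything but `tcp` (which is what the IOS CLI does and what the original poster hit), and applies first-match-wins with the implicit deny at the end. The `Packet` and `Ace` classes, the sample traffic and the `ack_or_rst` flag are constructed for the example.

```python
"""Toy evaluator for the IOS extended ACL discussed above (constructed example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    ack_or_rst: bool = False   # TCP ACK or RST bit set; this is what IOS "established" tests


@dataclass(frozen=True)
class Ace:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every IP protocol
    src: str                   # "A.B.C.D W.X.Y.Z" (address + wildcard mask) or "any"
    dst: str
    established: bool = False


def _parse_addr(tokens):
    """Consume one address spec from the token list; returns (spec, remaining tokens)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return f"{tokens[1]} 0.0.0.0", tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def parse_acl(text):
    """Parse 'permit|deny <proto> <src> <dst> [established]' lines as entered under
    'ip access-list extended'. Like the IOS CLI, refuses 'established' on anything but tcp."""
    acl = []
    for raw in text.strip().splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "!":
            continue
        action, proto = tokens[0], tokens[1]
        src, rest = _parse_addr(tokens[2:])
        dst, rest = _parse_addr(rest)
        established = "established" in rest
        if established and proto != "tcp":
            raise ValueError(f"'established' is only valid with tcp: {raw!r}")
        acl.append(Ace(action, proto, src, dst, established))
    return acl


def _wildcard_match(spec, addr):
    """Cisco wildcard mask: 0 bits must match, 1 bits are don't-care."""
    if spec == "any":
        return True
    base, wild = spec.split()
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wild))
    a = int(ipaddress.IPv4Address(addr))
    return (b & ~w) == (a & ~w)


def _ace_matches(ace, pkt):
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    # 'established' only ever matches TCP segments with ACK or RST set
    if ace.established and not (pkt.proto == "tcp" and pkt.ack_or_rst):
        return False
    return _wildcard_match(ace.src, pkt.src) and _wildcard_match(ace.dst, pkt.dst)


def evaluate(acl, pkt):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if _ace_matches(ace, pkt):
            return ace.action
    return "deny"


# The corrected ACL from the thread, as applied inbound on 'int vlan 2'
BLOCK_V2_V3 = parse_acl("""
permit tcp any any established
deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip any any
""")

# Constructed sample traffic entering the switch from VLAN 2 hosts
V2_NEW_SESSION = Packet("tcp", "192.168.2.10", "192.168.3.10")                # SYN started in vlan 2
V2_REPLY = Packet("tcp", "192.168.2.10", "192.168.3.10", ack_or_rst=True)     # reply to a vlan 3 client
V2_UDP_REPLY = Packet("udp", "192.168.2.10", "192.168.3.10")                  # UDP reply to a vlan 3 client
V2_TO_ELSEWHERE = Packet("tcp", "192.168.2.10", "10.0.0.5")                   # unrelated destination


if __name__ == "__main__":
    for name, pkt in [("new tcp session", V2_NEW_SESSION), ("tcp reply", V2_REPLY),
                      ("udp reply", V2_UDP_REPLY), ("tcp to other net", V2_TO_ELSEWHERE)]:
        print(f"{name:18} -> {evaluate(BLOCK_V2_V3, pkt)}")
    try:
        parse_acl("permit ip any any established")
    except ValueError as err:
        print("rejected:", err)
```

Running it shows the intended split: a new TCP session from VLAN 2 to VLAN 3 is denied, while a VLAN 2 host answering a VLAN 3 client (ACK set) is permitted. It also shows the limit of the `established` trick: it only inspects TCP flags, so UDP or ICMP replies from VLAN 2 to VLAN 3 clients are dropped by this ACL, and a TCP segment from VLAN 2 with a forged ACK bit is permitted through. A stateless ACL is a reasonable first step here, but anything that must track UDP sessions or resist crafted flags needs a stateful mechanism rather than this entry.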
