New Member

VLAN access list

Hi, in my Catalyst 4503 switch I want to block traffic from VLAN 2 to VLAN 3 but allow traffic from VLAN 3 to VLAN 2. Please tell me the commands.

4 REPLIES

Re: VLAN access list

How about an ACL? Let's assume vlan 2 is 192.168.2.0 /24 and vlan 3 is 192.168.3.0 /24.

ip access-list extended BLOCK-V2-V3
 permit ip any any established
 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
 permit ip any any

Then apply it to the VLAN interface:

ip access-group BLOCK-V2-V3 out

Certainly double check my work before implementing.

Hope that helps.

Green

Re: VLAN access list

One small correction. You can only use "tcp" with established keyword.

permit tcp any any established

You can then apply either way you like.

int vlan 2
 ip access-group BLOCK-V2-V3 in

or

int vlan 3
 ip access-group BLOCK-V2-V3 out

New Member

Re: VLAN access list

Hey Collin

Thank you for your reply. I tried to configure this command, but in the permit ip any any established command the established keyword is not working. Could you suggest what the issue is?

My current version

Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9S-M), Version 12.2(25)EWA6, RELEASE SOFTWARE (fc1)

Green

Re: VLAN access list

See my previous post. You cannot use "ip" with the established command just as you cannot use it for "udp". It must be "tcp".

permit tcp any any established
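The following is an added illustration, not code from the thread or from Cisco: a small Python model of how IOS walks the corrected BLOCK-V2-V3 list (permit tcp any any established, deny ip from VLAN 2 to VLAN 3, permit ip any any, implicit deny) against a handful of constructed packets. It assumes the same 192.168.2.0/24 and 192.168.3.0/24 addressing used in the first reply; the hosts, ports and packet labels are made up. It also reproduces the rejection Collin describes, since an entry combining "established" with anything other than tcp is refused before the list is built.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing, following the assumption made in the thread.
ANY = "0.0.0.0/0"
VLAN2 = "192.168.2.0/24"
VLAN3 = "192.168.3.0/24"


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    tcp_flags: frozenset = frozenset()  # e.g. frozenset({"SYN"}) or frozenset({"ACK"})


@dataclass(frozen=True)
class Ace:
    action: str                         # "permit" or "deny"
    proto: str                          # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    established: bool = False           # only meaningful for tcp


def ace_is_valid(proto: str, established: bool) -> bool:
    """IOS accepts 'established' only with tcp: it tests TCP flags, which
    udp and the generic 'ip' keyword do not carry."""
    return proto == "tcp" or not established


def ace(action, proto, src, dst, established=False) -> Ace:
    if not ace_is_valid(proto, established):
        raise ValueError(f"'established' is not valid with {proto}; use tcp")
    return Ace(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst), established)


# Collin's corrected list, in the order IOS evaluates it.
BLOCK_V2_V3 = [
    ace("permit", "tcp", ANY, ANY, established=True),
    ace("deny", "ip", VLAN2, VLAN3),
    ace("permit", "ip", ANY, ANY),
]


def matches(a: Ace, p: Packet) -> bool:
    if a.proto != "ip" and a.proto != p.proto:
        return False
    if ipaddress.ip_address(p.src) not in a.src or ipaddress.ip_address(p.dst) not in a.dst:
        return False
    # 'established' matches only TCP segments with ACK or RST set, so the SYN
    # that opens a new connection never matches it.
    if a.established and not (p.tcp_flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(acl, p: Packet) -> str:
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for a in acl:
        if matches(a, p):
            return a.action
    return "deny"


# Constructed packets, mostly in the VLAN 2 -> VLAN 3 direction that the list
# filters when applied 'in' on int vlan 2 or 'out' on int vlan 3.
SAMPLE_PACKETS = {
    "v2 opens tcp to v3 (SYN)": Packet("tcp", "192.168.2.10", "192.168.3.20", frozenset({"SYN"})),
    "v2 answers v3's tcp session (ACK)": Packet("tcp", "192.168.2.10", "192.168.3.20", frozenset({"ACK"})),
    "v2 dns reply to v3 (udp)": Packet("udp", "192.168.2.53", "192.168.3.20"),
    "v2 echo reply to v3 (icmp)": Packet("icmp", "192.168.2.10", "192.168.3.20"),
    "v3 opens tcp to v2 (SYN)": Packet("tcp", "192.168.3.20", "192.168.2.10", frozenset({"SYN"})),
}


def run_samples(acl=BLOCK_V2_V3) -> dict:
    """Verdict for each constructed packet, keyed by its label."""
    return {label: evaluate(acl, p) for label, p in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{verdict:6} {label}")
```

The two non-TCP samples are the practical caveat behind this design: "established" only recognises TCP return traffic, so a DNS answer or ICMP echo reply that a VLAN 2 host sends back to a VLAN 3 client is still dropped by the deny entry. If VLAN 3 users need UDP or ICMP services from VLAN 2, a stateful mechanism (reflexive ACLs or a firewall) is required rather than this static list.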
