I am trying to set up an ACL on our Cisco SG 300 switch. I want to create an ACL that enables hosts on our guest network to obtain IP addresses from a server on our "internal" network, but they should not be able to reach any other resources on that network. I set it up as follows, but it does not work the way I want. I have also bound interfaces to the ACL. Any suggestions?
How is your network currently set up? Are you using the SG300 as a Layer 3 switch? And if so, is it acting as your default gateway?
Most commonly when setting up a private/internal and public/guest network, I recommend using VLANs and two subnets. I cannot speak to the DHCP server, but most should support multiple VLANs and subnets. This allows you to separate your traffic in a very simple way.
Thanks for your reply. The switch is configured to run in Layer 3 mode, and one interface on each VLAN is the default gateway. I want to configure an ACL that functions so that it only allows DHCP traffic from VLAN 4 (Guest) to VLAN 3 (internal). It should also block traffic to VLAN 5. I hope that you understand what I mean; see the picture.
This will allow any computers on guest network to talk to the server on the main network. The deny rules will block any traffic from the guest network to the private network and to the other vlan5. The final rule clarifies that all other traffic is ok to go.
Thanks for your suggestion. I have used it with some small changes, and it works perfectly. I have uploaded a picture of my config so you can see. The ACL is only permitting DHCP and DNS traffic between the guest network and the internal network.
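The rule order described in this thread (permit guest to the server, deny guest to the internal VLAN and to VLAN 5, permit everything else) can be checked with a small first-match evaluator; this is an added example, not the configuration from the posters' screenshots. All subnets, the server address, and the names `GUEST_ACL` and `evaluate` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing, not taken from the thread.
INTERNAL = "192.168.3.0/24"   # VLAN 3
GUEST = "192.168.4.0/24"      # VLAN 4
VLAN5 = "192.168.5.0/24"      # VLAN 5
SERVER = "192.168.3.10/32"    # hypothetical DHCP/DNS server on VLAN 3
ANY = "0.0.0.0/0"

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: Optional[str]   # "udp", "tcp", or None for any protocol
    src: str
    dst: str
    dport: Optional[int]   # None for any destination port

# Order matters: the first matching rule decides the packet's fate.
GUEST_ACL = [
    Rule("permit", "udp", GUEST, SERVER, 67),   # DHCP to the server
    Rule("permit", "udp", GUEST, SERVER, 53),   # DNS to the server
    Rule("deny", None, GUEST, INTERNAL, None),  # rest of the internal VLAN
    Rule("deny", None, GUEST, VLAN5, None),     # VLAN 5
    Rule("permit", None, ANY, ANY, None),       # everything else
]

def evaluate(acl, proto, src, dst, dport):
    """Return (action, rule_index); ("deny", None) is the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if r.proto is not None and r.proto != proto:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action, i
    return "deny", None

if __name__ == "__main__":
    flows = [  # constructed sample flows
        ("udp", "192.168.4.50", "192.168.3.10", 67),
        ("tcp", "192.168.4.50", "192.168.3.10", 445),
        ("tcp", "192.168.4.50", "192.168.5.20", 80),
        ("udp", "0.0.0.0", "255.255.255.255", 67),
    ]
    for f in flows:
        print(f, "->", evaluate(GUEST_ACL, *f))
```

In this model a client's initial DHCP broadcast (source 0.0.0.0, destination 255.255.255.255) matches only the final permit rule, so dropping that rule sends it to the implicit deny at the end of the list.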