Cisco Support Community
New Member

Access control between VLANs - Cisco ADSL 877 Router

Hi,

I need to set up 2 VLANs on the 877 Router and there is a need to ACL the 2 VLANs I create on the router.

How would I go about doing that?

5 REPLIES
Hall of Fame Super Gold

Re: Access control between VLANs - Cisco ADSL 877 Router

1st: Verify you have "advanced services" software to support VLANs

2nd: Configure ACL for permit/deny. Apply ACL to interface with "ip access-group XX in"

Hope this helps, please rate post if it does!

New Member

Re: Access control between VLANs - Cisco ADSL 877 Router

Could you give me an example of an ACL I can use please?

Hall of Fame Super Gold

Re: Access control between VLANs - Cisco ADSL 877 Router

CCO is your friend:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Hope this helps, please rate post using the scrollbox below!

New Member

Re: Access control between VLANs - Cisco ADSL 877 Router

Thanks this info did help.

Let's take this a bit further.

I have 2 VLANs

VLAN 1 = 192.168.10.x (Fast Ethernet0 is on VLAN 1)

VLAN 2 = 192.168.100.x (Fast Ethernet0 is on VLAN 2)

Both VLANs have domain controllers and the 100.x VLAN has a Terminal server configured that both need access to. I want to allow access to these resources ONLY.

Basically no other traffic should pass through these 2 VLANs except this.

Would the access list look something like this:

access-list 111 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255

access-list 111 permit ip 192.168.10.0 0.0.0.255 host 192.168.100.x 255.255.255.255

Which interface(s) would I apply this to?

Thanks

Hall of Fame Super Gold

Re: Access control between VLANs - Cisco ADSL 877 Router

Hi,

The first line allows unlimited communication between the two VLANs.

The second one allows 192.168.100.0 to access one host only on the other VLAN. Note the 255.255.255.255 is not necessary because you have specified host.

In any case the ACL goes on the VLAN that you are limiting; one only is enough.

Hope this helps, please rate post if it does!
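
Added example, not part of the thread and not Cisco code: a small Python model of extended-ACL evaluation (first match wins, wildcard masks, implicit deny) that shows why the first posted line makes the second one unreachable. The host 192.168.100.20 is a constructed placeholder for the Terminal Server, and the tightened list covers only RDP on TCP 3389; domain controller traffic would need its own permit lines.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume one IOS address spec; return (base, wildcard) as integers."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":                      # "host A" is the same as "A 0.0.0.0"
        return ip_int(tokens.pop(0)), 0
    return ip_int(tok), ip_int(tokens.pop(0))

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]'."""
    t = line.split()[2:]                   # drop 'access-list' and the number
    action, proto = t.pop(0), t.pop(0)
    src, dst = parse_addr(t), parse_addr(t)
    port = int(t[1]) if t[:1] == ["eq"] else None
    return action, proto, src, dst, port

def covers(spec, addr):
    base, wild = spec                      # wildcard 1-bits are "don't care"
    return (ip_int(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, line_no) of the first matching entry, top to bottom."""
    for n, line in enumerate(acl, 1):
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if a_proto not in ("ip", proto):
            continue
        if a_port is not None and a_port != dport:
            continue
        if covers(a_src, src) and covers(a_dst, dst):
            return action, n
    return "deny", None                    # implicit deny ends every ACL

# Constructed sample: 192.168.100.20 is a placeholder for the Terminal Server.
POSTED = [
    "access-list 111 permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255",
    "access-list 111 permit ip 192.168.10.0 0.0.0.255 host 192.168.100.20",
]
TIGHT = ["access-list 111 permit tcp 192.168.10.0 0.0.0.255 host 192.168.100.20 eq 3389"]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("tight", TIGHT)):
        print(name, evaluate(acl, "tcp", "192.168.10.5", "192.168.100.20", 3389),
              evaluate(acl, "tcp", "192.168.10.5", "192.168.100.77", 445))
```

With the posted list every packet from 192.168.10.x to 192.168.100.x matches line 1, so the host entry is never consulted; the tightened list permits only the RDP flow and everything else falls through to the implicit deny.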
