Hi,

When you have a multiple vlan's and inter vlan routing is working fine and no restrictions between vlans (using ACL) you can print from vlan2 to printer in vlan1 without any ACL required.

Please rate the helpfull posts.
Regards,
Naidu.

Yes, i'm able to ping. But if i want to restricted VLAN2 to communicate with VLAN1 vice versa but allow only printer to go thru. How can i do that? Can you guys help me how to configure? tq

hi,

could you post a simple network diagram and running config of your devices? what are the subnets assigned for both VLANs 1 and 2 and what is the IP address assigned for the said printer?

Hi farozezan73,

You can do that simply like below...
Say for example your network printer IP is 10.74.1.25

int vlan 1
ip add 10.74.1.1
ip access-group vlan-1

int vlan 2
10.20.1.1
ip access-group vlan-2

Now define accesslist accordingly.

ip access ex vlan-1
permit ip host 10.74.1.25 10.20.1.0 0.0.0.255

ip access ex vlan-2
permit ip 10.20.1.0 0.0.0.255 host 10.74.1.25

Please rate the helpfull posts.
Regards,
Naidu.

Hi Naidu,

Why 2 ACLs on both SVIs ? if you apply only one ACL on one SVI it will work as the implicit deny will drop all other traffic including return traffic going to the other SVI. What do you think about it?

Regards.

Alain

Thats true Alain and can be done,
But what I want is hardcode the traffic by permitting only interesting traffic.

Please rate the helpfull posts.
Regards,
Naidu.