
Guest VLAN - Access

Hello,

Please comment on the config below: is it correct for a guest VLAN?
I need to block communication between the user/server VLANs and the guest VLAN.
Are the ACLs correct? Any other recommendations for security and routing?


On 4506

interface Vlan2
description "User VLAN"
ip address 10.10.10.1 255.255.255.0

interface Vlan3
description "Server VLAN"
ip address 192.168.1.1 255.255.255.0

interface Vlan4
description "User Voice"
ip address 192.168.10.1 255.255.255.0

interface Vlan5
description "GUEST"
ip address 172.16.1.1 255.255.255.0
ip access-group DENY out
ip access-group DENY in

router ospf 1
network 10.10.10.1 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.10.0 0.0.0.255 area 0

ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 172.16.1.0 255.255.255.0 172.16.1.2

ip access-list extended DENY
deny   ip 172.16.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255
deny   ip 172.16.1.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any

Accepted Solutions
Re: Guest VLAN - Access

melwin.uk wrote:


Melwin

You only need to apply this ACL inbound on the VLAN 5 interface and not outbound, i.e.

int vlan 5

ip access-group DENY in

But apart from that, your ACL is fine.

Jon

Please rate helpful posts
