Solved: Dear imranaman,If you want to

imranaman · ‎04-13-2014

I am providing the internet to different outside client, I want to allow only internet access and ristrict to server vlan

my server vlan is 192.168.205.0

vlan for client 10.1.13.0 vlan 700

Client network 192.168.121.0

i have created the following access list:

10 deny ip 192.168.121.0 0.0.0.255 192.168.0.0 0.0.255.255

20 permit ip 192.168.121.0 0.0.0.255 any

route-map EK permit 10

match ip address EK

set ip next-hop 192.168.221.10

Applied to the client vlan 700

Traffic is matched with access list

Extended IP access list EK

10 deny ip 192.168.121.0 0.0.0.255 192.168.0.0 0.0.255.255 (3 matches)

20 permit ip 192.168.121.0 0.0.0.255 any (3 matches)

but client still able to access my server vlan

What should i do

Sajid Ali · ‎04-14-2014

Dear imranaman,

If you want to deny user to access web server and may remain use internet, there is no need for route-map just apply access-list on interface that directly connected with user VLAN.

Don't forget to rate helpful posts.

Sajid Ali Pathan

View solution in original post

Sajid Ali · ‎04-14-2014

Dear imranaman,

If you want to deny user to access web server and may remain use internet, there is no need for route-map just apply access-list on interface that directly connected with user VLAN.

Don't forget to rate helpful posts.

Sajid Ali Pathan

IP ROUTE MAP ISSUE Version 12.2(54)SG