Access Control List...

hyukin.kwon
Level 1

Hi all,

I have a Catalyst 6509 and a 3524XL (12.0(5.3)WC(1)).

They are connected to each other through a TRUNK (ISL).

The Cat3524 has two VLANs. The default VLAN is for management, and the other is for users.

I applied an ACL on VLAN 1 to block spoofed IP addresses, and the communication was disconnected.

The question is: how can I apply the ACL on the Cat3524XL to block some spoofed IP addresses?

And is that possible?

The configuration is:

interface FastEthernet0/22
 switchport access vlan 3
!
interface FastEthernet0/23
 switchport access vlan 3
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface VLAN1
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
 ip access-group 100 in
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny ip any any log

Thanks in advance

1 Reply

Richard Burts
Hall of Fame

I think the logic should be like this: you want an access list inbound on int VLAN1 which will deny any packet coming into the interface whose source address is in the subnet found on VLAN1. The access list would then permit other traffic. It would look something like this:

access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip any any

HTH

Rick
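
An added example, not part of the original posts and not Cisco code: a small Python model of first-match ACL evaluation with wildcard masks and the implicit deny, run over the two access lists in this thread so their effect can be checked offline before applying them to an interface. The sample packets are constructed, 192.168.3.20 is an assumed address outside the VLAN1 subnet, and the parser covers only the `ip SRC DST` forms that appear on this page.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def take_addr(tok):
    """Consume one address spec: 'any' or 'ADDRESS WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST [log]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            raise ValueError("unsupported ACL line: " + line)
        src, rest = take_addr(tok[4:])
        dst, _ = take_addr(rest)
        rules.append((tok[2], src, dst))
    return rules

def matches(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; the rest must be equal.
    return (ip(addr) | wild) == (base | wild)

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, s, d in rules:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

ACL_100 = """access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny ip any any log"""
ACL_101 = """access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip any any"""

# Constructed sample packets (source, destination) inbound on VLAN1.
PACKETS = [
    ("192.168.1.50", "192.168.1.1"),  # source inside 192.168.1.0/24
    ("192.168.3.20", "192.168.1.1"),  # assumed source in another subnet
]

def verdicts(acl_text):
    rules = parse_acl(acl_text)
    return [evaluate(rules, s, d) for s, d in PACKETS]
```

For the two sample packets, `verdicts(ACL_100)` returns `['permit', 'deny']` and `verdicts(ACL_101)` returns `['deny', 'permit']`.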