ACL on 3550

d.gallarato
Level 1

Hi all.

We have a 3550 with EMI.

We use it for inter-VLAN routing between 4 VLANs.

Now we want to block some traffic from one VLAN to another, but the only way is to use a VLAN map (because we have IP addresses only on the VLAN interfaces).

But we have some misunderstandings, because we don't understand whether traffic is checked inbound or outbound.

Our need is to block some PCs from going to the Internet, while they still have to reach the servers VLAN.

We have tried some configurations, but there are still problems.

Thanks for any explanation or example.

D

2 Replies

Prashanth Krishnappa
Cisco Employee

You can apply access-groups to VLAN interfaces. I just tried this in the lab:

interface Vlan1
 ip address x.x.x.x 255.255.255.0
 ip access-group 102 in
 no ip route-cache
 shutdown
!
interface Vlan100
 no ip address
 no ip route-cache
!
ip default-gateway x.x.x.x
ip http server
!
access-list 102 permit tcp any 128.88.0.0 0.0.255.255 gt 1023
access-list 102 permit tcp any host 128.88.1.2 eq smtp
access-list 102 permit icmp any any

efrahim
Level 4

You can configure the ACL on the VLAN interface like on any other interface. With a VLAN map, you can not only combine ACLs but also restrict users within the same VLAN.

Here is the URL that will help you clear this up further.

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1219ea1/3550scg/swacl.htm#xtocid3

SVI means "VLAN interfaces":

You can apply router ACLs on switch virtual interfaces (SVIs), which are Layer 3 interfaces to VLANs; on physical Layer 3 interfaces; and on Layer 3 EtherChannel interfaces. Router ACLs are applied on interfaces for specific directions (inbound or outbound). You can apply one IP access list in each direction.

One ACL can be used with multiple features for a given interface, and one feature can use multiple ACLs. When a single router ACL is used by multiple features, it is examined multiple times.

Standard IP access lists use source addresses for matching operations.

Extended IP access lists use source and destination addresses and optional protocol type information for matching operations.
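Putting the two replies together for the original question (restrict a few PCs to the servers VLAN while leaving everyone else alone), here is an added example configuration that is not from the thread or from Cisco; the VLAN numbers, subnets and host addresses are constructed. The key point is the direction: applied "in" on the client VLAN's SVI, the router ACL sees packets as they arrive from hosts in that VLAN, before routing, so source is the PC and destination is wherever it is trying to go.

```ios
! Constructed example: VLAN 10 = clients (192.168.10.0/24), VLAN 20 = servers
! (192.168.20.0/24). Hosts .50 and .51 may reach the servers only.
ip access-list extended RESTRICT-CLIENTS
 ! First match wins, so allow the servers VLAN before the deny lines
 permit ip host 192.168.10.50 192.168.20.0 0.0.0.255
 permit ip host 192.168.10.51 192.168.20.0 0.0.0.255
 ! Everything else from those two hosts (Internet, other VLANs) is dropped
 deny   ip host 192.168.10.50 any
 deny   ip host 192.168.10.51 any
 ! All other VLAN 10 hosts keep full access. Without this line the
 ! implicit "deny any" at the end of the list would cut off the whole VLAN.
 permit ip any any
!
interface Vlan10
 description Client VLAN
 ip address 192.168.10.1 255.255.255.0
 ! "in" = packets entering the switch from hosts on VLAN 10, before routing.
 ! Replies from the servers enter via Vlan20 and are not checked here.
 ip access-group RESTRICT-CLIENTS in
!
interface Vlan20
 description Server VLAN
 ip address 192.168.20.1 255.255.255.0
```

After applying it, `show ip access-lists RESTRICT-CLIENTS` shows per-entry match counters, which is the quickest way to confirm the direction is right: the deny entries should count up when a restricted PC tries to reach the Internet, while the servers-VLAN permits count when it reaches a server.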
