07-07-2004 06:32 AM - edited 03-02-2019 04:53 PM
Hey All,
I am trying to tighten down a vlan on my network. I have a 4006 with 2 vlans right now. Vlan 1 has all of the servers that are needed. Couple of web servers, DNS servers, DHCP and file servers.
Vlan 3 is the other vlan. I have created an ACL that mimics the following:
access-list 102 permit ip any host 10.1.254.10
access-list 102 permit ip any host 10.1.254.11
access-list 102 permit ip any host 10.1.254.12
access-list 102 permit ip any host 10.1.254.15
access-list 102 permit ip any host 10.1.254.16
access-list 102 permit ip any host 10.1.254.20
access-list 102 permit ip any host 10.1.254.22
access-list 102 permit ip any host 10.1.254.23
access-list 102 deny ip any any
I used the following to assign it to Vlan 3 on the 4006:
ip access-group 102 in
I knew that web traffic would stop, but I need to find out a way to allow traffic that is not going to either vlan to pass through.
Does that make sense?
Thanks for your insight
Matt
07-07-2004 07:32 AM
Matt,
Change your acl as follows:
access-list 102 permit ip any host 10.1.254.10
access-list 102 permit ip any host 10.1.254.11
access-list 102 permit ip any host 10.1.254.12
access-list 102 permit ip any host 10.1.254.15
access-list 102 permit ip any host 10.1.254.16
access-list 102 permit ip any host 10.1.254.20
access-list 102 permit ip any host 10.1.254.22
access-list 102 permit ip any host 10.1.254.23
access-list 102 deny ip any 10.1.254.0 0.0.0.255
access-list 102 permit ip any any
The second last line will deny any traffic going to the 10.1.254.0 network (only the specific hosts permitted in the first 8 lines are allowed). Similarly you can add another line to deny any other traffic going to vlan 2.
Note that numbered extended ACLs have to be removed first and recreated. The best practice is to copy the ACL statements to a notepad and edit them there.
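To make the first-match behaviour behind that fix concrete, here is an added illustration (not part of the original thread, and not IOS itself): a small Python evaluator for `access-list N permit|deny ip SRC DST` lines that walks the entries in order and falls through to the implicit `deny ip any any`. The source address `10.1.3.50` is a constructed stand-in for a host on Vlan 3, and `192.168.1.1` is a constructed stand-in for a destination outside both VLANs; the two ACLs are the ones from the question and the answer above.

```python
import ipaddress

# Added example: a minimal first-match evaluator for Cisco-style numbered
# extended ACL entries. Only the "ip" form with "any", "host A.B.C.D" and
# "A.B.C.D WILDCARD" operands is handled, which is all this thread uses.


def _parse_operand(tokens):
    """Consume one source/destination operand and return (network, remaining tokens)."""
    if not tokens:
        raise ValueError("missing address operand")
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # "network wildcard": an IOS wildcard mask is the bitwise inverse of a netmask
    # (0.0.0.255 -> 255.255.255.0). Non-contiguous wildcards are not supported here.
    net, wildcard = tokens[0], tokens[1]
    netmask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard)))
    return ipaddress.ip_network(f"{net}/{netmask}", strict=False), tokens[2:]


def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into (action, src, dst) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            raise ValueError(f"unsupported ACL line: {line!r}")
        action = tokens[2]
        src, rest = _parse_operand(tokens[4:])
        dst, rest = _parse_operand(rest)
        rules.append((action, src, dst))
    return rules


def evaluate(rules, src_ip, dst_ip):
    """Return 'permit' or 'deny' for a flow: the first matching entry wins."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net in rules:
        if src in s_net and dst in d_net:
            return action
    return "deny"  # every IOS ACL ends with an implicit "deny ip any any"


# The ACL from the question: nothing outside the listed hosts can pass.
ORIGINAL_ACL = """
access-list 102 permit ip any host 10.1.254.10
access-list 102 permit ip any host 10.1.254.11
access-list 102 permit ip any host 10.1.254.12
access-list 102 permit ip any host 10.1.254.15
access-list 102 permit ip any host 10.1.254.16
access-list 102 permit ip any host 10.1.254.20
access-list 102 permit ip any host 10.1.254.22
access-list 102 permit ip any host 10.1.254.23
access-list 102 deny ip any any
"""

# The ACL from the answer: block the rest of 10.1.254.0/24, then let everything else through.
FIXED_ACL = """
access-list 102 permit ip any host 10.1.254.10
access-list 102 permit ip any host 10.1.254.11
access-list 102 permit ip any host 10.1.254.12
access-list 102 permit ip any host 10.1.254.15
access-list 102 permit ip any host 10.1.254.16
access-list 102 permit ip any host 10.1.254.20
access-list 102 permit ip any host 10.1.254.22
access-list 102 permit ip any host 10.1.254.23
access-list 102 deny ip any 10.1.254.0 0.0.0.255
access-list 102 permit ip any any
"""

# Constructed flows: a Vlan 3 host (10.1.3.50) talking to a permitted server,
# an unlisted host on the server subnet, and a destination outside both VLANs.
SAMPLE_FLOWS = [
    ("10.1.3.50", "10.1.254.10"),
    ("10.1.3.50", "10.1.254.50"),
    ("10.1.3.50", "192.168.1.1"),
]


def decisions(acl_text, flows=SAMPLE_FLOWS):
    """Map each (src, dst) flow to the ACL's decision."""
    rules = parse_acl(acl_text)
    return {flow: evaluate(rules, *flow) for flow in flows}


if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        print(name)
        for flow, verdict in decisions(acl).items():
            print(f"  {flow[0]} -> {flow[1]}: {verdict}")
```

Running it shows the difference the reordered tail makes: with the original list the flow to `192.168.1.1` is dropped by the final `deny ip any any`, while with the corrected list it reaches the `permit ip any any` entry, and an unlisted server-subnet host such as `10.1.254.50` is still denied by the `10.1.254.0 0.0.0.255` line before that permit is ever consulted.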
07-07-2004 09:24 AM
Thanks mate, it worked like a charm
Matt