02-01-2005 05:26 PM - last edited on 03-25-2019 02:58 PM by ciscomoderator
Hi, I have a Catalyst 4006 with a Sup IV. I want only VLANs 2, 11 and 12 to be able to reach each other. For this I configured some ACLs, but it is not working. Is something missing?
This is the config:
interface Vlan2
description VLAN VALEO NET ISOLATION
ip address 10.133.0.10 255.255.255.192
ip access-group 122 in
!
interface Vlan3
description VLAN LAN SWITCHES
ip address 10.133.0.65 255.255.255.192
!
interface Vlan4
description VLAN R&D AREA
ip address 10.133.1.1 255.255.255.0
!
interface Vlan5
description VLAN IT RESOURCES
ip address 10.133.2.1 255.255.255.0
!
interface Vlan6
description VLAN PRINTERS
ip address 10.133.3.1 255.255.255.0
!
interface Vlan7
description VLAN WORKSTATIONS
ip address 10.133.4.1 255.255.252.0
ip helper-address 10.133.2.29
ip helper-address 10.133.2.31
!
interface Vlan8
description VLAN WIRELESS-SYSTEM
ip address 10.133.8.1 255.255.255.0
ip helper-address 10.133.2.29
ip helper-address 10.133.2.31
!
interface Vlan9
description VLAN HUMAN RESOURCES
ip address 10.133.9.1 255.255.255.224
ip helper-address 10.133.2.29
ip helper-address 10.133.2.31
!
interface Vlan10
description VLAN REPORTING
ip address 10.133.9.33 255.255.255.224
!
interface Vlan11
description VLAN INFORMATION-TRANSFERS
ip address 10.133.9.65 255.255.255.224
ip access-group 131 in
!
interface Vlan12
description VLAN IT-HELPDESK
ip address 10.133.9.97 255.255.255.224
ip access-group 132 in
ip helper-address 10.133.2.29
ip helper-address 10.133.2.31
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.133.0.1
ip http server
!
!
access-list 122 permit ip 10.133.0.0 0.0.0.63 10.133.9.96 0.0.0.31
access-list 122 permit ip 10.133.0.0 0.0.0.63 10.133.9.64 0.0.0.31
access-list 122 deny ip any any
access-list 131 permit ip 10.133.9.64 0.0.0.31 10.133.0.0 0.0.0.63
access-list 131 permit ip 10.133.9.64 0.0.0.31 10.133.9.96 0.0.0.31 log
access-list 131 deny ip any any
access-list 132 permit ip 10.133.9.96 0.0.0.31 10.133.0.0 0.0.0.63
access-list 132 permit ip 10.133.9.96 0.0.0.31 10.133.9.64 0.0.0.31 log
access-list 132 deny ip any any
!
The version is "bootflash:cat4000-i9s-mz.121-19.EW1.bin"
Thanks
02-01-2005 11:18 PM
Hi,
As per my understanding the ACLs should be like this, please correct me if I'm wrong.
For Vlan 2 :
access-list 122 permit ip 10.133.9.96 0.0.0.31 10.133.0.0 0.0.0.63
access-list 122 permit ip 10.133.9.64 0.0.0.31 10.133.0.0 0.0.0.63
access-list 122 deny ip any any
For Vlan 11 :
access-list 131 permit ip 10.133.0.0 0.0.0.63 10.133.9.64 0.0.0.31
access-list 131 permit ip 10.133.9.96 0.0.0.31 10.133.9.64 0.0.0.31 log
access-list 131 deny ip any any
For Vlan 12 :
access-list 132 permit ip 10.133.0.0 0.0.0.63 10.133.9.96 0.0.0.31
access-list 132 permit ip 10.133.9.64 0.0.0.31 10.133.9.96 0.0.0.31 log
access-list 132 deny ip any any
Regards
aashish C
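Added example, not part of either post: a small Python evaluator that applies ACL 132 as written in the question and as written in the reply to a few constructed packets, using first-match and wildcard-mask semantics. With `ip access-group 132 in` on interface Vlan12 the ACL sees packets sourced by VLAN 12 hosts; the host addresses are made up, and only `ip` entries are modelled.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def field(tok):  # consume 'any' or 'ADDR WILDCARD' from the front of a token list
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    return (ip(tok[0]), ip(tok[1])), tok[2:]

def parse(text):
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()      # access-list N permit|deny ip SRC DST [log]
        src, rest = field(tok[4:])
        dst, _ = field(rest)
        rules.append((tok[2], src, dst))
    return rules

def hit(addr, fld):
    base, wild = fld
    care = ~wild & 0xFFFFFFFF   # wildcard bits set to 1 are "don't care"
    return (ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    for action, s, d in rules:  # first matching entry wins
        if hit(src, s) and hit(dst, d):
            return action
    return "deny"               # implicit deny at the end of every ACL

# ACL 132 exactly as posted in the question and in the reply.
QUESTION_132 = parse("""
access-list 132 permit ip 10.133.9.96 0.0.0.31 10.133.0.0 0.0.0.63
access-list 132 permit ip 10.133.9.96 0.0.0.31 10.133.9.64 0.0.0.31 log
access-list 132 deny ip any any""")
REPLY_132 = parse("""
access-list 132 permit ip 10.133.0.0 0.0.0.63 10.133.9.96 0.0.0.31
access-list 132 permit ip 10.133.9.64 0.0.0.31 10.133.9.96 0.0.0.31 log
access-list 132 deny ip any any""")
# Constructed packets: host addresses are made up; 10.133.2.29 is the helper-address target.
PACKETS = {
    "from VLAN 12 host to VLAN 2 host":   ("10.133.9.100", "10.133.0.20"),
    "from VLAN 2 host to VLAN 12 host":   ("10.133.0.20", "10.133.9.100"),
    "DHCP broadcast from VLAN 12 client": ("0.0.0.0", "255.255.255.255"),
    "VLAN 12 host to 10.133.2.29":        ("10.133.9.100", "10.133.2.29"),
}

def compare():
    return {name: (evaluate(QUESTION_132, *p), evaluate(REPLY_132, *p)) for name, p in PACKETS.items()}
```

`compare()` returns a (question, reply) verdict per packet. Neither version has an entry matching the DHCP traffic that the `ip helper-address` lines on Vlan12 relay.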