Solved: IP Access lists on a 3750 - Page 2

clydeds · ‎07-26-2006

I have a stacked 3750 with 3 VLAN's. VLAN1 for management, VLAN 2 for the production network and VLAN 3 for test. I need to restrict HTTP from VLAN 3 to a few hosts in VLAN2. I've attached the configuration I am using. This does not seem to work. Any ideas on what I am doing wrong.

clydeds · ‎07-28-2006

Rick

Thanks for the guidance. I finally got this right with help from the config that you sent.

I guess I did not state my requirements correctly. Clients in VLAN 3 need to be able to access all servers in VLAN 2 but need to only access few servers (like in your example) using http. Basically the intent is to block web (Intranet and Internet) access to VLAN3. VLAN2 is our gateway to the rest of the world.

This was the config used.

conf t

access-list 100 permit tcp 10.1.3.0 0.0.0.255 host 10.1.2.4 eq www

access-list 100 permit tcp 10.1.3.0 0.0.0.255 host 10.1.2.3 eq www

access-list 100 deny tcp 10.1.3.0 0.0.0.255 any eq www

access-list 100 permit ip any any

int vlan 3

ip access-group 100 in

end

Thanks

Clyde

Richard Burts · ‎07-28-2006

Clyde

I am glad that we finally have found a solution for your question. Thanks for rating and for marking the question as solved. It makes the forum more useful when we can read about a question or a problem and can know that a solution was successful.

I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick