Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1167
Views
0
Helpful
4
Replies

Isolation a vlan with only internet access.

Kanwar
Level 1
Level 1

‎11-18-2004 05:34 PM - edited ‎03-02-2019 08:03 PM

Hi,

I like to create one vlan and allow only tcp port 80. I am running layer three switches. we have multiple vlans running within the network. my question is that do I just apply an access list on layer three vlan interface inbound or both in and out. Thanks in advance

Labels:
0 Helpful
4 Replies 4

glen.grant
VIP Alumni
VIP Alumni

‎11-18-2004 07:45 PM

That should be all you need on your l3 switch . Whether you apply it both in or out is really up to you and how you want it to affect your traffic , if want only port 80 in and out then apply it in and out .

0 Helpful

Kanwar
Level 1
Level 1
In response to glen.grant

‎11-18-2004 08:43 PM

Thanks, how about the packets that are switched and not routed. does the access-list applies to them too.

Thanks

0 Helpful

milan.kulik
Level 10
Level 10
In response to Kanwar

‎11-19-2004 12:13 AM

Hi,

you can apply ACLs to L2 interfaces and even VLANs.

But there are pretty complicated rules and limitations on 3550s.

See http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225se/3550scg/swacl.htm#wp1046692

for details.

Regards,

Milan

0 Helpful

Kanwar
Level 1
Level 1
In response to milan.kulik

‎11-19-2004 07:44 AM

we have more then one vlan. I like to use an exteneded access-list on that perticular vlan.I like to allow dhcp request and port 80 only. what is best vlan map or exteneded access-list. so anyone who is on that vlan will have internet access only. Thanks

0 Helpful
Customers Also Viewed These Support Documents