VLAN Routing

Sureshdank
Level 1

Dear all,

I have configured multiple VLANs on my 4506 switch. One of the VLAN IP subnets is 172.18.1.0/255.255.255.0 and the VLAN interface IP address is 172.18.1.1 (every system's gateway in that VLAN).

Now what I want is to allow only IPs from 172.18.1.2 to 172.18.1.50 to communicate with other VLANs, whereas 172.18.1.51 to 172.18.1.254 should not communicate with other VLANs.

Can anybody tell me whether VLAN ACLs or extended ACLs would be the right choice? If either, what config should I do?

7 Replies

devang_etcom
Level 7

I think you can configure this as per your requirement using an IP ACL, by just denying the particular IP from accessing that particular VLAN.

regards

Devang

Devang,

Actually I want 172.18.1.2 to 172.18.1.50 to reach any traffic. But when it comes to 172.18.1.51 to 172.18.1.254, I want them to reach only two VLANs and the remaining traffic needs to be denied.

What could be the right configuration?

IP ACLs are right.

Ramesh,

You can use IP access-lists, but considering your requirement there will be a lot of access-list entries, because it will be difficult to choose a wildcard mask for your requirement.

You may have to rethink the IP design before you apply ACLs.

HTH

Narayan

Dear all,

I have created the below access-list and applied it on the VLAN interface.

ip access-list extended ota-acc
 1 permit ip 172.18.1.0 0.0.0.64 any
 2 permit ip 172.18.1.0 0.0.0.255 192.168.249.0 0.0.0.255
 3 permit ip 172.18.1.0 0.0.0.255 172.20.0.0 0.0.255.255
 4 deny ip any any

But it doesn't work.

Regards,
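Added worked example (not from the original thread or from any poster): it illustrates both Narayan's point that a host range needs several wildcard entries and why the ACL posted above does not do what was intended. A Cisco wildcard mask is a bit mask, not a host count: 0.0.0.64 marks only the 64 bit as don't-care, so "172.18.1.0 0.0.0.64" matches exactly 172.18.1.0 and 172.18.1.64, and hosts .2 to .50 fall through to the final deny. The script decomposes 172.18.1.2 to 172.18.1.50 into aligned blocks, builds the equivalent extended ACL, renders it as IOS lines, and evaluates sample packets against both the posted and the corrected ACL using first-match semantics. The destination networks 192.168.249.0/24 and 172.20.0.0/16 are taken from the post; that the ACL is applied inbound on the VLAN SVI (so the source address is the host in 172.18.1.0/24) is an assumption, since the post does not state the direction.

```python
import ipaddress

# Constructed sample values mirroring the thread: the 172.18.1.0/24 VLAN, the
# hosts .2-.50 that may reach anything, and the two destination networks that
# every host in the VLAN may reach. Direction (inbound on the SVI) is assumed.
VLAN_SUBNET = "172.18.1.0/24"
UNRESTRICTED_FIRST = "172.18.1.2"
UNRESTRICTED_LAST = "172.18.1.50"
OPEN_DESTINATIONS = ["192.168.249.0/24", "172.20.0.0/16"]
ANY = ("0.0.0.0", "255.255.255.255")  # IOS "any": every bit is don't-care


def matches(ip, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard is don't-care, a 0 bit
    must equal the corresponding bit of the base. It is a mask, not a count."""
    ip_i = int(ipaddress.IPv4Address(ip))
    base_i = int(ipaddress.IPv4Address(base))
    wc_i = int(ipaddress.IPv4Address(wildcard))
    return (ip_i | wc_i) == (base_i | wc_i)


def evaluate(acl, src, dst):
    """First-match evaluation of an extended ACL given as
    (action, src_base, src_wc, dst_base, dst_wc) tuples; implicit deny at end."""
    for action, sb, sw, db, dw in acl:
        if matches(src, sb, sw) and matches(dst, db, dw):
            return action
    return "deny"


def range_to_wildcards(first, last):
    """Split an inclusive host range into aligned blocks, each expressible as
    one 'base wildcard' pair. A range such as .2-.50 needs several of them."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(b.network_address), str(b.hostmask)) for b in blocks]


def hosts_matched(subnet, pairs):
    """Every host of `subnet` matched by at least one (base, wildcard) pair;
    a quick way to check what an ACE really covers before applying it."""
    net = ipaddress.IPv4Network(subnet)
    return [str(h) for h in net if any(matches(str(h), b, w) for b, w in pairs)]


def build_acl(first, last, subnet, open_dsts):
    """Unrestricted range to anywhere, whole subnet to the open destinations,
    then deny everything else."""
    net = ipaddress.IPv4Network(subnet)
    acl = [("permit", b, w) + ANY for b, w in range_to_wildcards(first, last)]
    for d in open_dsts:
        dn = ipaddress.IPv4Network(d)
        acl.append(("permit", str(net.network_address), str(net.hostmask),
                    str(dn.network_address), str(dn.hostmask)))
    acl.append(("deny",) + ANY + ANY)  # explicit, as in the original post
    return acl


def render_ios(name, acl):
    """Render the tuples as IOS named extended ACL lines."""
    def fmt(base, wc):
        if wc == "255.255.255.255":
            return "any"
        if wc == "0.0.0.0":
            return f"host {base}"
        return f"{base} {wc}"
    lines = [f"ip access-list extended {name}"]
    lines += [f" {a} ip {fmt(sb, sw)} {fmt(db, dw)}" for a, sb, sw, db, dw in acl]
    return "\n".join(lines)


# The ACL exactly as posted in the thread, kept for comparison.
POSTED_ACL = [
    ("permit", "172.18.1.0", "0.0.0.64") + ANY,
    ("permit", "172.18.1.0", "0.0.0.255", "192.168.249.0", "0.0.0.255"),
    ("permit", "172.18.1.0", "0.0.0.255", "172.20.0.0", "0.0.255.255"),
    ("deny",) + ANY + ANY,
]
CORRECTED_ACL = build_acl(UNRESTRICTED_FIRST, UNRESTRICTED_LAST,
                          VLAN_SUBNET, OPEN_DESTINATIONS)

if __name__ == "__main__":
    print("hosts matched by 172.18.1.0 0.0.0.64:",
          hosts_matched(VLAN_SUBNET, [("172.18.1.0", "0.0.0.64")]))
    print(render_ios("ota-acc", CORRECTED_ACL))
    for src, dst in [("172.18.1.10", "10.0.0.1"), ("172.18.1.64", "10.0.0.1"),
                     ("172.18.1.100", "192.168.249.5"), ("172.18.1.100", "10.0.0.1")]:
        print(src, "->", dst, "posted:", evaluate(POSTED_ACL, src, dst),
              "corrected:", evaluate(CORRECTED_ACL, src, dst))
```

Running it prints the seven permit entries the .2-.50 range expands to (which is the entry fan-out Narayan refers to) and shows that under the posted ACL 172.18.1.10 is denied Internet-bound traffic while 172.18.1.64 is unintentionally permitted; the corrected list gives the opposite, intended result. Narayan's suggestion to realign the addressing (for example, putting the unrestricted hosts in one aligned block such as .0-.63) would collapse those seven entries into one.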

Hi Suresh,

We can try route maps also.

You would use an access-list in which you permit your hosts, then configure the route-map with the deny keyword, matching the IP addresses of the access-list, and then set their next hop to the Null0 interface, which means discarding.

Let's try it.

Rate this post if it works.

regards

Devang

Devang,

I will explain the complete scenario.

I have a VLAN with IP subnet 172.18.1.0/24. In this I want 50 IPs to get everything, i.e. DMZ, Internet and inter-VLAN, through my proxy server, but for the remaining IPs I want them to access only my server farm and inter-VLAN, without the proxy.

For this, what I have done is apply the IP access-list which I showed in my last post, and then I have created a route-map to route the permitted packets to the next hop.

Regards,