Re: access-list on intervlan

rechard_david · ‎04-28-2008

Dear Experts,

Please advice !!!!

I would like to do,

1- All the Vlan can access to IP 50.50.50.50 ( Internet)

2- PC on Vlan 10 can access all the vlan and ip 50.50.50.50 but all the vlan cannot access to Vlan 10

3- PC on Vlan 20 can access only Vlan30 but vlan 30 cannot access all the vlan include vlan20( but the both this Vlan can access internet

Please see in the attach file.

Please help me to edit access-list on the router.

itindia · ‎04-29-2008

Hi,

On each Vlan you need to block traffice from subnet to Vlan 10.

Say you have Vlan 40 with ip address 192.168.5.0/24.

use acl as follows:

acl-list 105 deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255 (the Vlan to which you want to block access.

Same goes for rest of the vlans which you want to block.

Acl-list 105 permit ip any any

any any will allow access to internet.

int vlan 40

ip access-group in

So you can customize your vlan in terms of security.

Reg,

Sushil