cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
435
Views
0
Helpful
7
Replies

Access restrict

jopetik09
Level 1
Level 1

Hi All,

In my network we have three 3 VLANS set up on my 3560G switch. 
Can anyone tell me how I can allow pcs on VLANS 1 and 3 access to VLAN 2 but should not to others
And VLAN 1 should not to get to VLAN 3 or VLAN 3 should not get to VLAN 1.

Jopeti.

3 Accepted Solutions

Accepted Solutions

Latchum Naidu
VIP Alumni
VIP Alumni

Jopeti

This is not much clear but of course you can try like below... I am just assuming Vlan address, you can take your real address...


vlan 1 = 10.10.10.0/24
vlan 3 = 10.10.12.0/24


access-list stop_vlan1 extended
deny ip 10.10.10.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip any any


access-list stop_3 extended
deny ip 10.10.12.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any


Interface vlan 1
ip access-group stop_3 in


Interface vlan 3
ip access-group stop_vlan1 in


Please rate the helped posts...


Regards,
Naidu.

View solution in original post

No problem...

Is there any switch ports configured under this vlan or not?
Because untill you associate any ports to that vlan it wont come up...

Please rate all the helped posts...


Regards,
Naidu.

View solution in original post

Jopeti,

Log into your switch and go to any interface which you want to access respectively
Give commands like below

Switch# int gi4/39
switch port access vlan 2
switch port mode access

Then see the status, it should up up now...


Please rate all the helped posts...

Regards,
Naidu.

View solution in original post

7 Replies 7

Latchum Naidu
VIP Alumni
VIP Alumni

Jopeti

This is not much clear but of course you can try like below... I am just assuming Vlan address, you can take your real address...


vlan 1 = 10.10.10.0/24
vlan 3 = 10.10.12.0/24


access-list stop_vlan1 extended
deny ip 10.10.10.0 0.0.0.255 10.10.12.0 0.0.0.255
permit ip any any


access-list stop_3 extended
deny ip 10.10.12.0 0.0.0.255 10.10.10.0 0.0.0.255
permit ip any any


Interface vlan 1
ip access-group stop_3 in


Interface vlan 3
ip access-group stop_vlan1 in


Please rate the helped posts...


Regards,
Naidu.

I am sorry for that not clear But your suggestion seems OK.
But when i give the following command #sh ip int brief
I found that Vlan 2 is down down...What could be the problem


Jopeti

No problem...

Is there any switch ports configured under this vlan or not?
Because untill you associate any ports to that vlan it wont come up...

Please rate all the helped posts...


Regards,
Naidu.

OK, what should i do to associate the ports...

Jopeti.

Jopeti,

Log into your switch and go to any interface which you want to access respectively
Give commands like below

Switch# int gi4/39
switch port access vlan 2
switch port mode access

Then see the status, it should up up now...


Please rate all the helped posts...

Regards,
Naidu.

Thansk....It is cleare and working now

Jopeti.

Hi,

To associate VLAN2 to port f0/3:

interface f0/3

switchport mode access

switchport access vlan 2

Regards.

Alain.

Don't forget to rate helpful posts.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: