07-17-2020 02:39 PM
I have a router-on-a-stick that is connected to a switch with 3 workstations that are connected to VLAN 2 and VLAN 3. 2 workstations are connected to VLAN 2 while the other one is connected to VLAN 3. Now the problem is that I need to deny network traffic from workstations that are connected on VLAN 2 to VLAN 3. But I can't seem to do that even though I tried using a standard ACL or an extended ACL. Can anyone help?
02-09-2021 02:34 AM - edited 02-09-2021 02:44 AM
03-25-2022 03:57 PM
Hello,
make sure your config looks like this:
Router
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
!
interface GigabitEthernet0/0.2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
ip access-group 101 in
!
interface GigabitEthernet0/0.3
encapsulation dot1q 3
ip address 192.168.3.1 255.255.255.0
03-26-2022 12:12 PM
Hello
Please see the example below, which will negate traffic originating from within the VLAN towards either VLAN:
ip access-list extended vlan2
remark no vlan3
deny ip any 10.0.3.0 0.0.0.255
permit ip any any
ip access-list extended vlan3
remark no vlan2
deny ip any 10.0.2.0 0.0.0.255
permit ip any any
interface GigabitEthernet0/0.2
encapsulation dot1q 2
ip address 10.0.2.254 255.255.255.0
ip access-group vlan2 in
interface GigabitEthernet0/0.3
encapsulation dot1q 3
ip address 10.0.3.254 255.255.255.0
ip access-group vlan3 in
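As an added example (not code from either of the posts above), here is a small Python model of how IOS evaluates the two ACLs shown in this thread: wildcard-mask matching, first match wins, and the implicit deny at the end. It only models `ip` entries with any/host/network specs, no ports; the two ACL texts are copied from the posts as constructed input.

```python
import ipaddress

def _to_int(a):
    return int(ipaddress.IPv4Address(a))

def _take_spec(tok, i):
    """Consume one IOS address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tok[i] == "any":
        return ("any",), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2

def _matches(addr, spec):
    """Wildcard-mask match: a 1 bit in the mask means 'don't care'."""
    if spec == ("any",):
        return True
    net, wild = _to_int(spec[0]), _to_int(spec[1])
    return ((_to_int(addr) ^ net) & ~wild & 0xFFFFFFFF) == 0

def parse_acl(text):
    """Turn numbered or named ACL lines into (action, src_spec, dst_spec) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or tok[0].lower() in ("ip", "remark", "!"):
            continue                      # 'ip access-list ...' header, remark, separator
        if tok[0] == "access-list":
            tok = tok[2:]                 # drop 'access-list <number>'
        action, rest = tok[0], tok[2:]    # tok[1] is the protocol ('ip')
        src, i = _take_spec(rest, 0)
        dst, _ = _take_spec(rest, i)
        rules.append((action, src, dst))
    return rules

def evaluate(rules, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit 'deny any any'."""
    for action, s, d in rules:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"

# Constructed input: the two ACLs posted in this thread, copied verbatim.
ACL_101 = """
access-list 101 deny ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
"""
ACL_VLAN2 = """
ip access-list extended vlan2
remark no vlan3
deny ip any 10.0.3.0 0.0.0.255
permit ip any any
"""
```

Running `evaluate(parse_acl(ACL_101), "192.168.2.10", "192.168.3.10")` returns `deny` while `"8.8.8.8"` as destination returns `permit`; swapping the two lines of ACL 101 makes the permit shadow the deny, which is the usual reason such an ACL "does nothing".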
03-27-2022 04:14 PM
BTW, what @Georg Pauwen and @paul driver posted should be similar to what you need, in fact, your router is using a .Q trunk, and subinterfaces, and VLANs 2 and 3 are tagged. Is that how you're configured?