Blocking server access using extended ACL

Dear All,

 

I came across a scenario where this network is running 192.168.8.1/255.255.248.0, which basically gives a big host range of 192.168.8.1 - 192.168.15.254. Now I am asked to give server access to limited users. The server IP here is 192.168.11.13, and only users from these IPs are allowed to have access to the server (192.168.10.15, 192.168.8.35, 192.168.9.236). How should I accomplish this task, since it is part of one big VLAN? Need help, guys, in this regard.

 

Thanks & Regards

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Mentor

Re: Blocking server access using extended ACL

Hello,

 

You could use a VLAN ACL. Below is an example. The access list defines what you want to permit, and the VACL is applied to VLAN 2:

 

access-list 101 permit ip host 192.168.11.13 host 192.168.10.15
access-list 101 permit ip host 192.168.11.13 host 192.168.8.35
access-list 101 permit ip host 192.168.11.13 host 192.168.9.236

!

3750X(conf)#vlan access-map SERVER_ACCESS 10
3750X(config-access-map)#match ip address 101
3750X(config-access-map)#action forward
3750X(conf)#vlan access-map SERVER_ACCESS 20
3750X(config-access-map)#action drop
3750X(conf)#vlan filter SERVER_ACCESS vlan-list 2
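
An added example (not part of the thread, and not Cisco code): a small Python model of VLAN access-map evaluation, run over the configuration posted above and over a constructed variant, to check which flows inside the VLAN are forwarded before a filter is applied. It assumes standard IOS VACL processing (sequences evaluated in ascending order, an entry without a match clause matches every packet, unmatched IP packets are dropped); `VARIANT`, ACL 102 and sequence 30 are assumptions and do not come from the answer.

```python
import re
# ACL and access map as posted in the answer above (switch prompts stripped).
ACL_101 = """\
access-list 101 permit ip host 192.168.11.13 host 192.168.10.15
access-list 101 permit ip host 192.168.11.13 host 192.168.8.35
access-list 101 permit ip host 192.168.11.13 host 192.168.9.236
"""
POSTED = ACL_101 + """\
vlan access-map SERVER_ACCESS 10
 match ip address 101
 action forward
vlan access-map SERVER_ACCESS 20
 action drop
"""
# Constructed variant (assumption, not from the thread): reverse direction added, ACL 102 new.
VARIANT = ACL_101 + re.sub(r"host (\S+) host (\S+)", r"host \2 host \1", ACL_101) + """\
access-list 102 permit ip any host 192.168.11.13
access-list 102 permit ip host 192.168.11.13 any
vlan access-map SERVER_ACCESS 10
 match ip address 101
 action forward
vlan access-map SERVER_ACCESS 20
 match ip address 102
 action drop
vlan access-map SERVER_ACCESS 30
 action forward
"""
ACE = re.compile(r"access-list (\d+) (permit|deny) ip (any|host \S+) (any|host \S+)")

def parse(cfg):  # -> ({acl: [(action, src, dst)]}, {seq: {"acl": ..., "action": ...}})
    acls, seqs = {}, {}
    for t in map(str.split, cfg.splitlines()):
        if m := ACE.match(" ".join(t)):
            acls.setdefault(m[1], []).append((m[2], m[3].split()[-1], m[4].split()[-1]))
        elif t[:2] == ["vlan", "access-map"]:
            cur = seqs.setdefault(int(t[3]), {"acl": None, "action": "forward"})
        elif t and t[0] in ("match", "action"):
            cur["acl" if t[0] == "match" else "action"] = t[-1]
    return acls, seqs

def verdict(cfg, src, dst):
    """Action the access map takes on one IP packet seen in the filtered VLAN."""
    acls, seqs = parse(cfg)
    for n in sorted(seqs):  # sequences are tried in ascending order
        hit = next((a for a, s, d in acls.get(seqs[n]["acl"], [])
                    if s in ("any", src) and d in ("any", dst)), None)
        if seqs[n]["acl"] is None or hit == "permit":
            return seqs[n]["action"]  # an entry with no match clause matches everything
    return "drop"  # no entry matched: implicit drop
```

Under this model the posted map forwards only packets from 192.168.11.13 to the three listed hosts: `verdict(POSTED, "192.168.10.15", "192.168.11.13")` returns `drop`, as does any other IP flow in the VLAN. The variant forwards both directions for the three hosts, drops other traffic to or from the server, and forwards the rest.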

 

2 REPLIES
Beginner

Re: Blocking server access using extended ACL

Thanks a lot, Georg Pauwen. It was really easy and helpful.

 

Regards,

Talha
