Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2369
Views
4
Helpful
16
Replies

Deny access to other VLAN and only access for Server VLAN

Go to solution
bryg0d
Level 1
Level 1

‎12-15-2023 12:23 AM - last edited on ‎12-25-2023 10:38 PM by Community Manager

Hi everyone, I am trying to deny VLANs to each other and only be reaching server VLAN. My commands below is successful on packet tracer but failed during implementation.

ip access-list ext DenyVlans_50
permit ip 172.16.50.0 0.0.0.255 172.16.36.0 0.0.3.255 [ 172.16.36.0 /22 is my Server Vlan]
deny ip 172.16.50.0 0.0.0.255 172.16.0.0 0.0.255.255 [172.16.0.0 0.0.255.255 is the supernet of all 30 VLANs]
permit ip any any [ for internet ]

int vlan 50
ip access-group DenyVlans_50 in

From my understanding, VLAN50 will allow access to Server Vlan then deny any other VLANs inside the supernet 172.16.0.0 /16.

16 Replies 16

Go to solution
bryg0d
Level 1
Level 1
In response to MHM Cisco World

‎12-20-2023 10:38 PM

Hi MHM,

What can I add in the ACL if I want 1 PC (172.16.99.34) in IT (vlan999) to reach every vlan in the network?

0 Helpful

Go to solution
paul driver
VIP
VIP

‎12-19-2023 12:05 AM

Hello

@bryg0d wrote:

ACL below is already applied on the SVI. Tried to ping test inside the core switch using IP of different SVI's but it's reachable. Will try to test later on the endpoints/pc.

Can you confirm the ip range of all the vlans (inc.. the server vlan) please


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents