03-20-2019 06:27 PM
I'm a huge noob with Cisco routing and ACLs and need some help. Keep in mind, I accrued this network.
Layer 3 Core Switch with ACLs: Cisco WS-3750X
We have a set of Internal VLANs under the following IP schemes: 10.20.X.X and 10.222.X.X
We have another set of VLANs used for guest and the public: 10.200.X.X
We do not want 10.200.0.0 to access the 10.20.X.X and 10.222.X.X networks. How should I proceed with creating ACLs to get this working?
Thanks in advance!
03-20-2019 08:44 PM
Hi,
You can configure a VACL for the same. Here is a configuration guide for the same. Suppose VLAN 2 is used for the guest users.
interface Vlan2
 description Guest
 ip address 10.200.X.X 255.255.255.0
!
interface Vlan3
 description User1
 ip address 10.20.X.X 255.255.255.0
!
interface Vlan4
 description User2
 ip address 10.222.X.X 255.255.255.0
!
! ACL 101 selects the traffic to be dropped: guest sources to either internal network
access-list 101 permit ip 10.200.X.X 0.0.0.255 10.20.X.X 0.0.0.255
access-list 101 permit ip 10.200.X.X 0.0.0.255 10.222.X.X 0.0.0.255
!
! ACL 102 matches everything else so it can be forwarded
access-list 102 permit ip any any
!
vlan access-map VACL 10
 match ip address 101
 action drop
!
vlan access-map VACL 20
 match ip address 102
 action forward
!
! Apply the access map to the guest VLAN only
vlan filter VACL vlan-list 2
Regards,
Deepak Kumar
03-20-2019 08:49 PM
Hi @kcTheAdmin ,
Assuming that your networks have a /24 mask, try this:
access-list 10 deny 10.200.X.X 0.0.0.255
access-list 10 permit any
Now, this list must be applied to the two interfaces in which the networks to be denied are configured.
Assuming that these networks are associated with VLANs 10 and 20:
interface vlan 10
ip access-group 10 out
interface vlan 20
ip access-group 10 out
I hope this is useful for you
Regards
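As an added example that is not part of this thread, here is a small Python model of the standard ACL 10 from the answer above, applied `out` on the internal SVIs, using Cisco wildcard-mask and first-match semantics. It assumes the three ranges are whole /16s (so the guest entry is widened to wildcard 0.0.255.255, an assumption) and uses constructed sample addresses.

```python
import ipaddress

# Directly connected VLANs. The /16 masks are an assumption; the posts write 10.20.X.X etc.
VLAN_OF = {10: "10.20.0.0/16", 20: "10.222.0.0/16", 2: "10.200.0.0/16"}

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit'; compare the remaining bits."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

# Standard ACL 10 from the answer, with the guest entry widened to /16 (assumption).
ACL_10 = [("deny", "10.200.0.0", "0.0.255.255"),
          ("permit", "0.0.0.0", "255.255.255.255")]   # 'permit any'

# 'ip access-group 10 out' on interface vlan 10 and interface vlan 20.
OUT_ACL = {10: ACL_10, 20: ACL_10}

def acl_decision(acl, src):
    """First matching entry wins; every Cisco ACL ends with an implicit deny."""
    for action, base, wc in acl:
        if wildcard_match(src, base, wc):
            return action
    return "deny"

def egress_vlan(dst):
    """Pick the SVI the switch would route this destination out of, or None if not local."""
    for vlan, net in VLAN_OF.items():
        if ipaddress.IPv4Address(dst) in ipaddress.IPv4Network(net):
            return vlan
    return None   # e.g. Internet via the default route

def routed_packet(src, dst):
    """Return 'permit' or 'deny' for one packet routed by the L3 switch."""
    acl = OUT_ACL.get(egress_vlan(dst))
    return acl_decision(acl, src) if acl else "permit"

# Constructed sample flows (hosts are illustrative, not from the thread).
SAMPLES = {
    "guest -> internal VLAN 10":         ("10.200.5.7", "10.20.1.10"),
    "guest -> internal VLAN 20":         ("10.200.5.7", "10.222.9.1"),
    "guest -> Internet":                 ("10.200.5.7", "93.184.216.34"),
    "internal -> guest (SYN)":           ("10.20.1.10", "10.200.5.7"),
    "guest -> internal (reply to SYN)":  ("10.200.5.7", "10.20.1.10"),
}

if __name__ == "__main__":
    for name, (s, d) in SAMPLES.items():
        print(f"{name:36} {s:>12} -> {d:<15} {routed_packet(s, d)}")
```

The last two samples show that this ACL is stateless: a guest host's reply to a session started from an internal VLAN leaves the internal SVI with a 10.200 source and is dropped as well, so internal-initiated connections to guest hosts also fail.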