Re: Inter VLAN ACL - Page 2

aasimomerosman · ‎03-23-2022

Hi Team

I need block VLANs from 4-9 & 60-69 to communicate each other, But i need them to communicate with (IT, Printer and Servers)

VLAN 4: 192.168.4.0/24

VLAN 6: 192.168.6.0/24

VLAN 9: 192.168.9.0/24

VLAN 60: 192.168.60.0/24

VLAN 65: 192.168.65.0/24

VLAN 69: 192.168.69.0/24

VLAN IT: 192.168.177.0/24

VLAN Printer: 192.168.70.0/24

Servers:

VLAN 20: 10.10.20.0/24

VLAN 109: 192.168.109.240/28

VLAN 136: 172.22.136.0/24

VLAN 98: 172.98.10.224/29

------------------------------------------

I create extended access-list name 100

deny ip 192.168.0.0 0.0.15.255 192.168.0.0 0.0.15.255

deny ip 192.168.0.0 0.0.127.255 192.168.0.0 0.0.127.255

permit ip any any

and applied it for interface vlan 4:

ip access-group 100 in

---------------------

I can't ping vlan 4-9 and 60-69.(good)

but i can't ping printer and Server vlan 109

can any one help me?

Georg Pauwen · ‎03-24-2022

Hello,

post all networks that are configured, so we can exclude any networks that should not be affected. We can only suggest based on the information you give. We have no way of knowing if (and what) other subnets exist.

paul driver · ‎03-24-2022

Hello

@aasimomerosman
Apply that extended ACL I supplied, and it should provide you the restriction you are looking for.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MHM Cisco World · ‎03-23-2022

Friend when you have one subnet want to access and other want to deny, reverse the ACL to be

permit VLAN"printer" VLAN4
deny any

this solve the complex of ACL with subnet.