03-23-2022 12:19 AM
Hi Team
I need to block VLANs 4-9 & 60-69 from communicating with each other, but I need them to communicate with (IT, Printer and Servers).
VLAN 4: 192.168.4.0/24
VLAN 6: 192.168.6.0/24
VLAN 9: 192.168.9.0/24
VLAN 60: 192.168.60.0/24
VLAN 65: 192.168.65.0/24
VLAN 69: 192.168.69.0/24
VLAN IT: 192.168.177.0/24
VLAN Printer: 192.168.70.0/24
Servers:
VLAN 20: 10.10.20.0/24
VLAN 109: 192.168.109.240/28
VLAN 136: 172.22.136.0/24
VLAN 98: 172.98.10.224/29
------------------------------------------
I created an extended access-list named 100:
deny ip 192.168.0.0 0.0.15.255 192.168.0.0 0.0.15.255
deny ip 192.168.0.0 0.0.127.255 192.168.0.0 0.0.127.255
permit ip any any
and applied it to interface vlan 4:
ip access-group 100 in
---------------------
I can't ping VLANs 4-9 and 60-69 (good),
but I can't ping the printer and Server VLAN 109.
Can anyone help me?
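Why the posted ACL also blocks the printer and server VLAN 109, as an added example that is not part of the original post: a first-match evaluator using Cisco wildcard-mask semantics, run over ACL 100 as posted and over a reordered variant. The reordered entries and the host addresses are assumptions constructed for illustration, not a configuration supplied in this thread.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; only the 0 bits must match.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    # IOS checks entries top-down and stops at the first match.
    for action, s_base, s_wild, d_base, d_wild in acl:
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action
    return "deny"  # implicit deny at the end of every ACL

ANY = ("0.0.0.0", "255.255.255.255")
DENIES = [
    ("deny", "192.168.0.0", "0.0.15.255", "192.168.0.0", "0.0.15.255"),
    ("deny", "192.168.0.0", "0.0.127.255", "192.168.0.0", "0.0.127.255"),
]
# ACL 100 exactly as posted in the question.
POSTED = DENIES + [("permit", *ANY, *ANY)]
# Assumed variant (not from the thread): specific permits placed before the denies.
REORDERED = [
    ("permit", *ANY, "192.168.70.0", "0.0.0.255"),     # Printer VLAN
    ("permit", *ANY, "192.168.109.240", "0.0.0.15"),   # Server VLAN 109 (/28)
] + DENIES + [("permit", *ANY, *ANY)]

# Constructed host addresses, one per destination network from the post.
SRC = "192.168.4.10"
DESTS = {"vlan6": "192.168.6.10", "vlan60": "192.168.60.10",
         "printer": "192.168.70.10", "srv109": "192.168.109.241",
         "it": "192.168.177.10", "srv20": "10.10.20.5"}

def results(acl):
    return {name: evaluate(acl, SRC, dst) for name, dst in DESTS.items()}

if __name__ == "__main__":
    for label, acl in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, results(acl))
```

The wildcard 0.0.127.255 covers 192.168.0.0 through 192.168.127.255, so 192.168.70.0/24 and 192.168.109.240/28 hit the second deny before `permit ip any any` is reached, while 192.168.177.0/24 and the non-192.168 server networks fall through to the permit.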
03-24-2022 03:32 AM
Hello,
Post all networks that are configured, so we can exclude any networks that should not be affected. We can only suggest based on the information you give. We have no way of knowing if (and what) other subnets exist.
03-24-2022 01:48 PM - edited 03-24-2022 01:49 PM
Hello
@aasimomerosman
Apply that extended ACL I supplied, and it should provide you the restriction you are looking for.
03-23-2022 12:45 PM
Friend, when you have one subnet you want to access and others you want to deny, reverse the ACL to be:
permit VLAN"printer" VLAN4
deny any
This solves the complexity of the ACL with subnets.