02-18-2024 02:11 PM - last edited on 02-18-2024 10:16 PM by Translator
Closed the thread too quickly, I think:
So I tried this, below. I can ping another host in the same vlan (vlan10) but cannot ping the router (192.168.1.1).
(Should I 'permit' the router separately, so that vlan 10 keeps connectivity with the WAN side (internet)?)
This is what I have:
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group vlan10only in
 ip helper-address 192.168.1.1
 ip directed-broadcast
 ip nat inside
 ip virtual-reassembly in

ip access-list extended vlan10only
 permit ip any 192.168.10.0 0.0.0.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any
thanks,
Ron
02-18-2024 02:48 PM - last edited on 02-18-2024 10:15 PM by Translator
Hello Ron
FYI-
ip access-list extended vlan10only
 permit ip any host 192.168.1.1
 permit ip any 192.168.10.0 0.0.0.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any
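
An added example, not part of the thread posts: IOS checks access-list entries top-down and stops at the first match, so the order of the entries decides which destinations vlan 10 can reach. This Python sketch evaluates both lists from this thread against constructed sample destinations; it handles only the `permit|deny ip any <destination>` form used here, and the sample addresses other than 192.168.1.1 are assumptions.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit|deny ip any <dst>'; <dst> is 'any', 'host A' or 'A WILDCARD'."""
    tok = line.split()
    if len(tok) < 4 or tok[1] != "ip" or tok[2] != "any":
        raise ValueError(f"unsupported ACE: {line}")
    action, dst = tok[0], tok[3:]
    if dst == ["any"]:
        base, wild = 0, 0xFFFFFFFF            # every bit is "don't care"
    elif dst[0] == "host":
        base, wild = int(ipaddress.IPv4Address(dst[1])), 0
    else:
        base = int(ipaddress.IPv4Address(dst[0]))
        wild = int(ipaddress.IPv4Address(dst[1]))
    return action, base, wild

def evaluate(acl_lines, dst_ip):
    """Return (action, matching entry); first match wins, implicit deny at the end."""
    dst = int(ipaddress.IPv4Address(dst_ip))
    for line in acl_lines:
        action, base, wild = parse_ace(line)
        care = ~wild & 0xFFFFFFFF             # bits that must be equal
        if dst & care == base & care:
            return action, line
    return "deny", "(implicit deny)"

# The two access lists from this thread: the original and the accepted fix.
ORIGINAL = [
    "permit ip any 192.168.10.0 0.0.0.255",
    "deny ip any 192.168.0.0 0.0.255.255",
    "permit ip any any",
]
FIXED = ["permit ip any host 192.168.1.1"] + ORIGINAL

# Constructed destinations as seen by a vlan 10 host (ACL is applied inbound).
SAMPLES = {
    "router": "192.168.1.1",
    "same_vlan": "192.168.10.20",
    "other_local": "192.168.20.5",
    "internet": "203.0.113.10",
}

def compare():
    """Map each sample to its (original, fixed) verdict."""
    return {n: (evaluate(ORIGINAL, ip)[0], evaluate(FIXED, ip)[0])
            for n, ip in SAMPLES.items()}

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:12} original={before:6} fixed={after}")
```
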
02-18-2024 03:11 PM
Hello Paul,
Perfect, that's exactly what I was looking for, it works. Everything can reach everything else in that vlan, but a host in it can only get out on the internet, and nothing local can get into that vlan, just how I wanted it.
thanks!