Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
1
Helpful
2
Replies

separating/isolating a vlan (round 2)

Go to solution
roncro
Level 3
Level 3

‎02-18-2024 02:11 PM - last edited on ‎02-18-2024 10:16 PM by Community Manager

closed the thread too quick I think:

So I tried this, below.  I can ping another host in the same vlan (vlan10)  but can not ping the router (192.168.1.1)

(should I 'permit' the router separately?  so that vlan 10 keeps connectivity with the WAN side (internet).

This is what I have:

interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip access-group vlan10only in
ip helper-address 192.168.1.1
ip directed-broadcast
ip nat inside
ip virtual-reassembly in

ip access-list extended vlan10only
permit ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any


thanks,

Ron

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎02-18-2024 02:48 PM - last edited on ‎02-18-2024 10:15 PM by Community Manager

Hello Ron

FYI-


ip access-list extended vlan10only
permit ip any host 192.168,1,1
permit ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

2 Replies 2

Go to solution
paul driver
VIP
VIP

‎02-18-2024 02:48 PM - last edited on ‎02-18-2024 10:15 PM by Community Manager

Hello Ron

FYI-


ip access-list extended vlan10only
permit ip any host 192.168,1,1
permit ip any 192.168.10.0 0.0.0.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
roncro
Level 3
Level 3
In response to paul driver

‎02-18-2024 03:11 PM

Hello Paul,

 

perfect, that's exactly what I was looking for, it works. everything can reach everything else in that vlan,  but a host in it can only get out on the internet, and nothing local canget into that vlan, just how I wanted it.

thanks!

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card