Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

CISCO SWITCHES FOR SMALL and MEDIUM BUSINESS

Introducing the next generation of Cisco Small and Medium Business Switches. Cisco is refreshing its SMB Switch portfolio. Click here  to learn more.


1807
Views
0
Helpful
1
Replies
stownsend
Explorer
Explorer
‎05-26-2011 03:31 PM
‎05-26-2011 03:31 PM

SG300 Routing between VLANs. I dont want to route some traffic.

I'm using an

SG300-28P as our VLAN interconnect between our ISP and Firewalls as well as remtoe Offices.

So there are several VLANs that we have on the unit:

101     10.1.x.x Internal Subnet

102     10.2.x.x Internal Subnet

10#     10.#.x.x Internal Subnet

192     192.168.0.x Subnet for Public Use in our Building

198     Our Public IP Address Space 1

204     Our Public IP Address Space 2

So Obviously I want to be able to route between the 10.#.x.x Subnets.

Though I dont want to route between the other Subnets.

How can I setup the ACLs to make sure that someone on one of the 3 Public Subnets does not try to Connect to the Internal Subnets.

Is it Allow All IP and then a Deny 192,198, 204 as source to the 10# VLANs?

Or is it Deny 192,198, 204 as source to the 10# VLANs then Allow All IP  (or Allow 10.1, 10.2, 10.#)?

Thanks,

  Scott<-

Labels:
0 Helpful
1 REPLY 1
David Hornstein
Rising star
Rising star
‎05-26-2011 07:33 PM
‎05-26-2011 07:33 PM

Hi Scott,

I responded to a question regarding ACL on the 300 series and included screen shots. 

the bottom line is;

1. the IP based ACL use reverse masks, ie. 192.168.10.0  mask= 0.0.0.255 and

2. the ACL is bound on a interface to check ingress of pattern matches against ACL.

3. there is a implicit deny at the end of a pattern match so the last ACE entry in a list might be a permit all.

check out my discussion from the URL below, it works very well and  at wire speed, have fun

regards Dave

https://supportforums.cisco.com/message/3265075#3265075

0 Helpful
Latest Contents
(Podcast) S8|E41 Enabling a Hybrid Workspace and Workforce
Created by Amilee San Juan on 10-19-2021 04:06 PM
0
0
0
0
Listen: https://smarturl.it/CCRS8E41 Follow us: https://twitter.com/CiscoChampion    Let’s face it: today’s work is hybrid. Making hybrid work requires more than collaboration tools and SaaS applications. It’s about connecting people, dispa... view more
Cisco Business Dashboard Emulator
Created by CoreyP319 on 09-20-2021 08:06 AM
0
0
0
0
Cisco Business Dashboard             Cisco Business Dashboard Online Emulator (ver. 2.3.0.20210709)   (username: demo password: demo)   This system allows Cisco customers to access a demonstrat... view more
Networking myths. What other myths would you like busted?
Created by Kelli Glass on 08-13-2021 03:32 PM
2
0
2
0
Join David Bombal as he busts the myths around Cisco Designed while building out an SMB network right at his desk.  David, a CCIE, CCSI and an educator, has delivered training courses all around the globe across multiple Cisco topics. And he’s desig... view more
#CiscoChat Live - SMB Challenge: thriving locally while maki...
Created by greghami on 06-23-2021 12:23 PM
0
0
0
0
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. &nbs... view more
#CiscoChat Live - SMB Challenge: thriving locally while maki...
Created by greghami on 06-23-2021 12:20 PM
2
0
2
0
This Chat covers the intersection of technology and social impact from community to global levels. Learn how digital maturity accelerates SMB growth and profits that can fund social programs and enable sustainable business practices like remote work. We'l... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Polls
How would you describe your level of technical expertise?
Show Choices
Hide Choices