Access each other between 2 VLANs on a Layer 3 switch (3750)

pvhoait01
Level 1

Hi Everyone,

Can someone help me fix my issue?

I have configured 2 VLANs on the same 3750 switch as below (I have configured routing between the 2 VLANs). I need to allow only PC1 (172.16.1.1) to access WWW server 1 (192.168.1.1), and only PC2 (192.168.1.2) to access Telnet server 2 (172.16.1.2). How can I do that?

vlan2: 192.168.1.0/24

vlan3: 172.16.1.0/24

Thank you,

Hoa

6 Replies

Terence Payet
Level 1

Hi,

This can be done using the ACLs below:

ip access-list extended VLAN3_VLAN2_WWW
 permit tcp host 172.16.1.1 host 192.168.1.1 eq 80
 deny tcp 172.16.1.0 0.0.0.255 any
 permit ip any any
!
ip access-list extended VLAN2_VLAN3_TELNET
 permit tcp host 192.168.1.2 host 172.16.1.2 eq 23
 deny tcp 192.168.1.0 0.0.0.255 any
 permit ip any any
!
int vlan 2
 ip access-group VLAN3_VLAN2_WWW in
!
int vlan 3
 ip access-group VLAN2_VLAN3_TELNET in

HTH.

Please rate helpful posts.

Regards,

Terence

Thanks Terence for your answer.

I have done as you suggested, but after that not ONLY the WWW or Telnet protocols but the other services are also enabled between each other.

Can you help me with this?

Thanks

Hi,

I don't understand. Are you saying that it is not working, as in everything is being allowed despite the ACL?

Regards,

Terence

pawan.raut

Hi Terence,

I think your ACL traffic flow direction is wrong. Either you can swap the ACLs on both VLANs or you can change the ACL direction.

##### Option 1
! the two ACLs Terence defined, swapped between the SVIs
int vlan 2
 ip access-group VLAN2_VLAN3_TELNET in
!
int vlan 3
 ip access-group VLAN3_VLAN2_WWW in

##### Option 2
! the same ACLs on the same SVIs, applied outbound
int vlan 2
 ip access-group VLAN3_VLAN2_WWW out
!
int vlan 3
 ip access-group VLAN2_VLAN3_TELNET out

Hi Terence,

As I said, I need to allow ONLY PC1 (172.16.1.1) to access WWW server 1 (192.168.1.1), but I found that the other PC from VLAN 3 (172.16.1.2) can also access WWW server 1 (192.168.1.1), as in attachment 1.

I also need ONLY PC2 (192.168.1.2) to access Telnet server 2 (172.16.1.2), but PC1 (192.168.1.1) can also telnet to server 2 (172.16.1.2), as in attachment 2.

Kindly help please.

Hoa

Hi,

As explained by pawan.raut, I made a mistake in the ACL flow.

Please apply the following instead:

int vlan 2
 ip access-group VLAN3_VLAN2_WWW out
!
int vlan 3
 ip access-group VLAN2_VLAN3_TELNET out

HTH.

Regards,

Terence
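The three ACL placements discussed in this thread (Terence's original "in" placement, pawan.raut's Option 1 and Option 2), checked against constructed sample traffic with a small stateless model of how IOS evaluates an extended ACL bound to an SVI. This is an added example, not code from the thread or from Cisco: POSTED_ACLS is the ACL text posted above (with the wildcard masks written out as 0.0.0.255), while the VLAN subnets, the packet samples, the pkt/forward helpers and the FIXED_ACLS variant are assumptions made here to illustrate the point.

```python
"""Stateless model of Cisco IOS extended ACLs on the two SVIs from the thread.
Added example, not from the thread: POSTED_ACLS is the ACL text posted above; VLANS,
the sample packets and FIXED_ACLS are constructed here (assumptions, not the poster's
network). Only 'host'/'any'/wildcard, 'eq PORT' and 'established' are parsed."""
import ipaddress

POSTED_ACLS = """
ip access-list extended VLAN3_VLAN2_WWW
 permit tcp host 172.16.1.1 host 192.168.1.1 eq 80
 deny tcp 172.16.1.0 0.0.0.255 any
 permit ip any any
ip access-list extended VLAN2_VLAN3_TELNET
 permit tcp host 192.168.1.2 host 172.16.1.2 eq 23
 deny tcp 192.168.1.0 0.0.0.255 any
 permit ip any any
"""
# Constructed variant: also permit each allowed session's reply half ('established'
# matches TCP with ACK or RST set) and deny every IP protocol from the subnet, not only TCP.
FIXED_ACLS = """
ip access-list extended VLAN3_VLAN2_WWW
 permit tcp host 172.16.1.1 host 192.168.1.1 eq 80
 permit tcp host 172.16.1.2 eq 23 host 192.168.1.2 established
 deny ip 172.16.1.0 0.0.0.255 any
 permit ip any any
ip access-list extended VLAN2_VLAN3_TELNET
 permit tcp host 192.168.1.2 host 172.16.1.2 eq 23
 permit tcp host 192.168.1.1 eq 80 host 172.16.1.1 established
 deny ip 192.168.1.0 0.0.0.255 any
 permit ip any any
"""
VLANS = {2: ipaddress.ip_network("192.168.1.0/24"), 3: ipaddress.ip_network("172.16.1.0/24")}

def _addr_port(tokens):
    """Consume 'host X' | 'any' | 'X WILDCARD' plus an optional 'eq PORT'."""
    if tokens[0] == "host":
        net, rest = ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    elif tokens[0] == "any":
        net, rest = ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    else:  # a wildcard mask is an inverted netmask: 0 bit = must match, 1 bit = don't care
        netmask = ipaddress.ip_address(int(ipaddress.ip_address(tokens[1])) ^ 0xFFFFFFFF)
        net, rest = ipaddress.ip_network((tokens[0], str(netmask)), strict=False), tokens[2:]
    if rest[:1] == ["eq"]:
        return net, int(rest[1]), rest[2:]
    return net, None, rest

def parse_acls(text):
    """Return {acl_name: [entries in configured order]}."""
    acls, current = {}, None
    for line in text.strip().splitlines():
        t = line.split()
        if t[:3] == ["ip", "access-list", "extended"]:
            current = acls.setdefault(t[3], [])
            continue
        src, sport, rest = _addr_port(t[2:])
        dst, dport, rest = _addr_port(rest)
        current.append(dict(action=t[0], proto=t[1], src=src, sport=sport, dst=dst,
                            dport=dport, established=(rest == ["established"])))
    return acls

def evaluate(acl, p):
    """First matching entry wins; the list ends with an implicit 'deny ip any any'."""
    for e in acl:
        if (e["proto"] in ("ip", p["proto"])
                and ipaddress.ip_address(p["src"]) in e["src"]
                and ipaddress.ip_address(p["dst"]) in e["dst"]
                and e["sport"] in (None, p["sport"]) and e["dport"] in (None, p["dport"])
                and (p["ack"] or not e["established"])):
            return e["action"]
    return "deny"

def _vlan_of(addr):
    return next(v for v, net in VLANS.items() if ipaddress.ip_address(addr) in net)

def forward(bindings, acls, p):
    """Route p between the SVIs: 'in' on an SVI sees packets sourced in that VLAN, 'out'
    sees packets destined to it. bindings = {(vlan, 'in'|'out'): acl_name}."""
    for key in ((_vlan_of(p["src"]), "in"), (_vlan_of(p["dst"]), "out")):
        if key in bindings and evaluate(acls[bindings[key]], p) == "deny":
            return "deny"
    return "permit"

def pkt(src, dst, proto="tcp", sport=40000, dport=None, ack=False):
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, ack=ack)

# Constructed traffic samples, each with the verdict the original poster asked for.
PACKETS = {
    "pc1->www SYN": (pkt("172.16.1.1", "192.168.1.1", dport=80), "permit"),
    "www->pc1 SYN/ACK": (pkt("192.168.1.1", "172.16.1.1", sport=80, dport=40000, ack=True), "permit"),
    "other->www SYN": (pkt("172.16.1.2", "192.168.1.1", dport=80), "deny"),
    "pc2->telnet SYN": (pkt("192.168.1.2", "172.16.1.2", dport=23), "permit"),
    "telnet->pc2 SYN/ACK": (pkt("172.16.1.2", "192.168.1.2", sport=23, dport=40000, ack=True), "permit"),
    "other->telnet SYN": (pkt("192.168.1.1", "172.16.1.2", dport=23), "deny"),
    "pc1->www DNS/udp": (pkt("172.16.1.1", "192.168.1.1", proto="udp", dport=53), "deny"),
}
# The three placements discussed in the thread.
ORIGINAL = {(2, "in"): "VLAN3_VLAN2_WWW", (3, "in"): "VLAN2_VLAN3_TELNET"}
OPTION1_SWAPPED_IN = {(2, "in"): "VLAN2_VLAN3_TELNET", (3, "in"): "VLAN3_VLAN2_WWW"}
OPTION2_OUT = {(2, "out"): "VLAN3_VLAN2_WWW", (3, "out"): "VLAN2_VLAN3_TELNET"}

def verdicts(bindings, text=POSTED_ACLS):
    acls = parse_acls(text)
    return {name: forward(bindings, acls, p) for name, (p, _) in PACKETS.items()}

def mismatches(bindings, text=POSTED_ACLS):
    """Names of sample packets whose verdict differs from what was asked for."""
    got = verdicts(bindings, text)
    return sorted(n for n, (_, want) in PACKETS.items() if got[n] != want)

if __name__ == "__main__":
    for label, b, t in (("original, in", ORIGINAL, POSTED_ACLS), ("option 1, swapped in", OPTION1_SWAPPED_IN, POSTED_ACLS),
                        ("option 2, out", OPTION2_OUT, POSTED_ACLS), ("option 2 + FIXED_ACLS", OPTION2_OUT, FIXED_ACLS)):
        print(f"{label:22s} wrong verdicts: {mismatches(b, t)}")
```

Running it shows three things a practitioner would want to check before declaring this solved. With the original placement every sample is permitted, because an ACL applied "in" on an SVI only ever sees packets sourced from that SVI's own subnet, and each posted ACL denies the other subnet, so nothing but the final "permit ip any any" can match; that is exactly what Hoa observed. With either corrected placement the unwanted SYNs from 172.16.1.2 and 192.168.1.1 are dropped, but so are the SYN/ACK replies of the two sessions that were meant to work: the reply from the WWW server is TCP sourced from 192.168.1.0/24 and leaves through VLAN 3, where "deny tcp 192.168.1.0 0.0.0.255 any" catches it (and symmetrically for the Telnet server), so neither connection completes. UDP and ICMP between the subnets still pass, since the deny entries name only tcp. FIXED_ACLS, a constructed variant rather than anything from the thread, adds an "established" permit for each session's reply half and denies "ip" instead of "tcp". Note that "established" is stateless and only looks at TCP flag bits, so a host in the denied subnet can still send ACK-flagged segments; a reflexive ACL or a stateful firewall is the proper tool if that matters. On the switch itself, "show ip access-lists" shows per-entry match counters, which is the quickest way to see which line a test connection is actually hitting.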
