Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
1
Helpful
6
Replies

Access each other between 2 vlan on switch layer 3 ( 3750)

pvhoait01
Level 1
Level 1

‎08-22-2016 09:00 PM - edited ‎03-08-2019 07:06 AM

Hi Everyone

Can someone help me to fix my issue?

i have configured 2 VLAN on same switch 3750 as below ( i have configured routing between 2 vlan), i need only allow pc1 (172.16.1.1) access www server 1(192.168.1.1) and pc2( 192.168.1.2) access telnet server 2( 172.16.1.2). how can i do that?

vlan2: 192.168.1.0/24

vlan3: 172.16.1.0/24

Thank You

Hoa

Labels:
Preview file
43 KB
0 Helpful
6 Replies 6

Terence Payet
Level 1
Level 1

‎08-23-2016 12:57 AM

Hi,

This can be done using the below ACL:

ip access-list extended VLAN3_VLAN2_WWW

 permit tcp host 172.16.1.1 host 192.168.1.1 eq 80

 deny tcp 172.16.1.0 0.0.255 any

 permit ip any any

ip access-list extended VLAN2_VLAN3_TELNET

 permit tcp host 192.168.1.2 host 172.16.1.2 eq 23

 deny tcp 192.168.1.0 0.0.255 any

 permit ip any any

int vlan 2

ip access-group VLAN3_VLAN2_WWW in

int vlan 3

ip access-group VLAN2_VLAN3_TELNET in

HTH.

Please rate helpful post.

Regards,

Terence

0 Helpful

pvhoait01
Level 1
Level 1
In response to Terence Payet

‎08-24-2016 12:31 AM

Thank Terence for your Answer.

i have done as your suggestion but after that not ONLY the protocol WWW or Telnet, the other service also enable each other.

can you help me this?

thank

0 Helpful

Terence Payet
Level 1
Level 1
In response to pvhoait01

‎08-24-2016 12:50 AM

Hi,

I dont understand. Are you saying that it is not working? As in everything is being allowed despite the ACL.

Regards,

Terence

0 Helpful

Pawan Raut
Level 4
Level 4
In response to Terence Payet

‎08-24-2016 01:06 AM

Hi Terance,

I think your acl traffic flow direction is wrong. Either you can swap the acl on both vlan or you can change the acl direction.

#####Option1

int vlan 2

ip access-group VLAN2_VLAN3_WWW in

!

int vlan 3

ip access-group VLAN3_VLAN2_TELNET in

##### Option 2

int vlan 2

ip access-group VLAN3_VLAN2_WWW out

!

int vlan 3

ip access-group VLAN2_VLAN3_TELNET out

pvhoait01
Level 1
Level 1
In response to Pawan Raut

‎08-24-2016 02:45 AM

Hi Terence

as i say, i need ONLY allow pc1 (172.16.1.1) access www server 1(192.168.1.1) but i found that the other pc froom vlan 3 (172.16.1.2) also access www server 1(192.168.1.1) as attached1.

i also need ONLY pc2( 192.168.1.2) access telnet server 2( 172.16.1.2). but pc1(192.168.1.1) also telnet to server 2(172.16.1.2) as attached2.

kindly help please

Hoa

Preview file
27 KB
Preview file
13 KB
0 Helpful

Terence Payet
Level 1
Level 1
In response to pvhoait01

‎08-24-2016 04:13 AM

Hi,

As explain by pawan.raut.

I made a mistake in the ACL flow.

Please apply the following instead:

int vlan 2

ip access-group VLAN3_VLAN2_WWW out

int vlan 3

ip access-group VLAN2_VLAN3_TELNET out

HTH.

Regards,

Terence

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card