Re: Access List for VLAN

rzt.roet53 · ‎04-26-2022

Hi,

I have two VLAN: VLAN 1 and VLAN 2.

I want VLAN 1 to access to VLAN 2 BUT VLAN 2 cannot access to VLAN 1.
Please how can I do that?
I need access list command.

Thank you

Jon Marshall · ‎04-26-2022

You can't really do that fully with acls, you need a stateful firewall.

You could use the "established" keyword if it is supported on your device but it is only for TCP but really for what you want to do you need a stateful device.

Jon

balaji.bandi · ‎04-27-2022

Try this

in - direction is everything that flows from the VLAN
out - Direction of traffic flowing out, towards the VLAN

access-list 100 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 100 deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip any any

int vlan 1
ip access-group 100 in

Note : thinking that VLAN 1 IP address 192.168.10.0/24 and VLAN 2 IP address 192.168.20.0/24

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jon Marshall · ‎04-27-2022

Balaji

The second line in that acl does nothing at all because the source IPs are never 192.168.20.0/24 inbound on the SVI.

Jon

paul driver · ‎04-27-2022

Hello

You have already asked this same question from your other OP on access-list here

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul