11-08-2019 10:43 PM
Here is my simple configuration...
Switch#sh run
Building configuration...
Current configuration : 1668 bytes
!
version 12.2(37)SE1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/3
switchport access vlan 30
switchport mode access
switchport nonegotiate
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 00e0.b054.9801
ip address 192.168.0.1 255.255.255.224
!
interface Vlan20
mac-address 00e0.b054.9802
ip address 192.168.0.33 255.255.255.224
!
interface Vlan30
mac-address 00e0.b054.9803
ip address 172.16.0.1 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
In the above configuration, all VLANs communicate with each other. But I want to block communication between VLAN 10 and VLAN 20. How will I block it? Please help me.
11-08-2019 11:57 PM
Read this: Configuring IP Access Lists
11-09-2019 05:11 AM
Hi @Manas
This can be achieved with a standard ACL.
Standard ACLs can block only by the source of the packet.
After all the lines of an ACL there is a deny any by default, so I recommend that you deny what you want and then allow everything else.
This is the structure:
access-list <1-99> <permit/deny> <source network> <wildcard>
access-list <1-99> permit any
Then, you must apply that ACL on the correct interface and indicate whether the packets will be filtered when entering or exiting that interface (in/out).
This is the structure:
ip access-group <1-99> <in/out>
In your case, I recommend you deny the VLAN 10 network and apply that ACL on the VLAN 20 interface, in the outbound direction (out).
Try that and let us know if it worked for you.
Regards
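The answer's template filled in for the addressing in the question, as an added example that is not part of the original posts: this Python sketch derives the wildcard mask from each SVI's subnet mask, renders the ACL lines, and checks sample sources with first-match evaluation plus the implicit deny. ACL number 10, the helper names and the sample host addresses are assumptions.

```python
import ipaddress

# SVI addressing copied from the configuration posted in the question.
SVIS = {
    "Vlan10": "192.168.0.1/255.255.255.224",
    "Vlan20": "192.168.0.33/255.255.255.224",
    "Vlan30": "172.16.0.1/255.255.255.0",
}

def network_of(svi):
    """Return the subnet an SVI belongs to."""
    return ipaddress.ip_interface(SVIS[svi]).network

def build_acl(number, blocked_svi, apply_svi):
    """Render the answer's template: deny one source subnet, permit the rest."""
    net = network_of(blocked_svi)
    return [
        f"access-list {number} deny {net.network_address} {net.hostmask}",
        f"access-list {number} permit any",
        f"interface {apply_svi}",
        f" ip access-group {number} out",
    ]

def acl_permits(acl_lines, src_ip):
    """First-match evaluation of standard ACL entries, with the implicit deny."""
    src = int(ipaddress.ip_address(src_ip))
    for line in acl_lines:
        parts = line.split()
        if parts[0] != "access-list":
            continue  # skip the interface / access-group lines
        action, rest = parts[2], parts[3:]
        if rest == ["any"]:
            return action == "permit"
        base = int(ipaddress.ip_address(rest[0]))
        wildcard = int(ipaddress.ip_address(rest[1]))
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if (src & ~wildcard) == (base & ~wildcard):
            return action == "permit"
    return False  # implicit "deny any" at the end of every ACL

ACL = build_acl(10, "Vlan10", "Vlan20")  # ACL number 10 is an arbitrary choice

if __name__ == "__main__":
    print("\n".join(ACL))
    # Constructed sample sources: a VLAN 10 host, a VLAN 30 host, a VLAN 20 host.
    for host in ("192.168.0.5", "172.16.0.50", "192.168.0.40"):
        print(host, "-> Vlan20 out:", "permit" if acl_permits(ACL, host) else "deny")
```

Because the ACL is applied only outbound on Vlan20, it drops packets sourced from VLAN 10 heading into VLAN 20; packets from VLAN 20 toward VLAN 10 are still routed, and only the replies are dropped.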
11-10-2019 03:50 AM
Your answer is right for the question, but I got the answer before your post. So thanks a lot for posting the right answer.