Solved: Access-list problem, vlan blocking

benjamin_a · ‎01-18-2014

Hi there

I have this setup:

2 Distribution switches DS01 and DS02, working as coor and dist (collapsed core)

2 Access switches with vlan 10 on one and vlan 11 on the other one

I also have a vlan 99 on all the swithces worinkg as management vlan

I have a Layer 3 link between the the DS switches also each access switche have a trunk link to each DS switches

Now here is my problem

I want to block the traffick from vlan 10, 11 and possibly also other vlans to vlan 99.

I have created a access-list to do this for vlan 10 to begin with

Vlan 10 = 10.0.10.0

Vlan 99 = 10.0.99.0

Here is my access-list config

access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.99.0 0.0.0.255

Interface vlan 99

ip access-group 101 in

it seems to block the traffick from vlan 10 to vlan 99 but some how I still can ping my DS01, not DS02, U_AS01 or U_AS02 which is the meaning

Any one who know how to fix this ?

Reza Sharifi · ‎01-18-2014

Hi

Can you this and test again?

This will block access to mgmt vlan from the other 2 vlans.

access-list 101 deny ip any 99.0 0.0.0.255

access-list 101 permit any

interface vlan 10

access-group 101 in

interface vlan 11

access-group 101 in

HTH

View solution in original post

Reza Sharifi · ‎01-18-2014

Hi

Can you this and test again?

This will block access to mgmt vlan from the other 2 vlans.

access-list 101 deny ip any 99.0 0.0.0.255

access-list 101 permit any

interface vlan 10

access-group 101 in

interface vlan 11

access-group 101 in

HTH

benjamin_a · ‎01-18-2014

Hi Reza Sharifi

So many thanks, it is working great

Best regards

Benjamin

Reza Sharifi · ‎01-18-2014

Glad to help Ben.

Thanks for the rating

Reza