01-18-2014 12:50 PM - edited 03-07-2019 05:39 PM
Hi there
I have this setup:
2 Distribution switches DS01 and DS02, working as core and dist (collapsed core)
2 Access switches with vlan 10 on one and vlan 11 on the other one
I also have a vlan 99 on all the switches working as management vlan
I have a Layer 3 link between the DS switches; also each access switch has a trunk link to each DS switch
Now here is my problem
I want to block the traffic from vlan 10, 11 and possibly also other vlans to vlan 99.
I have created a access-list to do this for vlan 10 to begin with
Vlan 10 = 10.0.10.0
Vlan 99 = 10.0.99.0
Here is my access-list config
access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.99.0 0.0.0.255
Interface vlan 99
ip access-group 101 in
It seems to block the traffic from vlan 10 to vlan 99 but somehow I still can ping my DS01, not DS02, U_AS01 or U_AS02 which is the meaning
Anyone who knows how to fix this?
01-18-2014 01:34 PM
Hi
Can you try this and test again?
This will block access to mgmt vlan from the other 2 vlans.
access-list 101 deny ip any 10.0.99.0 0.0.0.255
access-list 101 permit ip any any
interface vlan 10
ip access-group 101 in
interface vlan 11
ip access-group 101 in
HTH
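Added example, not part of the original thread: a small Python model of inbound ACL evaluation on SVIs, comparing the placement from the question (ACL 101 inbound on interface vlan 99) with the placement from the answer (inbound on interface vlan 10 and vlan 11). It assumes a single Layer 3 switch, first-match evaluation with the implicit deny at the end of every ACL, and constructed host addresses (10.0.10.5, 10.0.11.5, 10.0.99.1, 10.0.99.2).

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, net, wildcard):
    # IOS wildcard mask: 0 bits must match, 1 bits are ignored.
    return ((ip(addr) ^ ip(net)) & ~ip(wildcard) & 0xFFFFFFFF) == 0

ANY = ("0.0.0.0", "255.255.255.255")
VLAN10 = ("10.0.10.0", "0.0.0.255")
VLAN99 = ("10.0.99.0", "0.0.0.255")

def acl_permits(acl, src, dst):
    # First matching entry wins; every ACL ends with an implicit deny.
    for action, s, d in acl:
        if matches(src, *s) and matches(dst, *d):
            return action == "permit"
    return False

def routed(inbound_acls, ingress_vlan, src, dst):
    # Only the ACL bound inbound on the SVI where the packet enters is
    # consulted; an SVI without an ACL forwards everything.
    acl = inbound_acls.get(ingress_vlan)
    return True if acl is None else acl_permits(acl, src, dst)

# Placement from the question: ACL 101 inbound on interface vlan 99.
question = {99: [("deny", VLAN10, VLAN99)]}
# Placement from the answer: ACL 101 inbound on interface vlan 10 and vlan 11.
acl_101 = [("deny", ANY, VLAN99), ("permit", ANY, ANY)]
answer = {10: acl_101, 11: acl_101}

# Constructed sample packets: (ingress VLAN, source, destination).
TO_MGMT = (10, "10.0.10.5", "10.0.99.1")
TO_VLAN11 = (10, "10.0.10.5", "10.0.11.5")
MGMT_REPLY = (99, "10.0.99.2", "10.0.10.5")

if __name__ == "__main__":
    for name, cfg in (("question", question), ("answer", answer)):
        for pkt in (TO_MGMT, TO_VLAN11, MGMT_REPLY):
            print(name, pkt, "permit" if routed(cfg, *pkt) else "deny")
```

In this model the question's placement never sees the VLAN 10 packet on its way in, and drops replies sourced from VLAN 99 only through the implicit deny, while the answer's placement filters the packet at the SVI where it enters.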
01-18-2014 02:00 PM
Hi Reza Sharifi
So many thanks, it is working great
Best regards
Benjamin
01-18-2014 02:27 PM
Glad to help Ben.
Thanks for the rating
Reza