Access-list problem, vlan blocking

benjamin_a
Level 1

Hi there

I have this setup:

2 Distribution switches DS01 and DS02, working as core and dist (collapsed core)

2 Access switches with vlan 10 on one and vlan 11 on the other one

I also have a vlan 99 on all the switches working as management vlan

I have a Layer 3 link between the DS switches. Also, each access switch has a trunk link to each DS switch

Now here is my problem

I want to block the traffic from vlan 10, 11 and possibly also other vlans to vlan 99.

I have created an access-list to do this for vlan 10 to begin with

Vlan 10 = 10.0.10.0

Vlan 99 = 10.0.99.0

Here is my access-list config

access-list 101 deny ip 10.0.10.0 0.0.0.255 10.0.99.0 0.0.0.255

Interface vlan 99

ip access-group 101 in

It seems to block the traffic from vlan 10 to vlan 99, but somehow I can still ping my DS01, not DS02, U_AS01 or U_AS02, which is the meaning

Anyone who knows how to fix this?

1 Accepted Solution


Reza Sharifi
Hall of Fame

Hi

Can you try this and test again?

This will block access to mgmt vlan from the other 2 vlans.

access-list 101 deny ip any 10.0.99.0 0.0.0.255

access-list 101 permit ip any any

interface vlan 10

ip access-group 101 in

interface vlan 11

ip access-group 101 in

HTH
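
An added example, not part of the thread or any poster's code: a simplified Python model of first-match ACL evaluation with wildcard masks and the implicit deny, comparing the ACL from the question (inbound on interface vlan 99) with the one from the accepted answer (inbound on interface vlan 10 and 11). The host and switch addresses are constructed, and the model assumes an inbound ACL is only checked on the SVI where a packet arrives and that DS01 answers pings to its own address locally.

```python
import ipaddress

def _n(a):
    return int(ipaddress.IPv4Address(a))

def wc_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    care = ~_n(wildcard) & 0xFFFFFFFF
    return (_n(addr) & care) == (_n(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")
VLAN10 = ("10.0.10.0", "0.0.0.255")
VLAN99 = ("10.0.99.0", "0.0.0.255")

def acl_permits(acl, src, dst):
    """First matching entry wins; no match at all means implicit deny."""
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False

def enters(acls, svi, src, dst):
    """Inbound check on the SVI where the packet arrives (no ACL = permit)."""
    return svi not in acls or acl_permits(acls[svi], src, dst)

def ping_ok(acls, src, src_svi, dst, dst_svi, dst_is_switch=False):
    """Echo request enters src_svi; the reply enters dst_svi unless the
    routing switch itself owns dst and generates the reply locally."""
    if not enters(acls, src_svi, src, dst):
        return False
    return dst_is_switch or enters(acls, dst_svi, dst, src)

# Config from the question: one deny line, inbound on interface vlan 99.
ORIGINAL = {"vlan99": [("deny", VLAN10, VLAN99)]}
# Config from the accepted answer: inbound on interface vlan 10 and vlan 11.
ACL_101 = [("deny", ANY, VLAN99), ("permit", ANY, ANY)]
FIXED = {"vlan10": ACL_101, "vlan11": ACL_101}

# Constructed addresses (assumptions, not taken from the thread).
HOST10, HOST11 = "10.0.10.50", "10.0.11.50"
DS01_MGMT, AS01_MGMT = "10.0.99.1", "10.0.99.11"

if __name__ == "__main__":
    for name, acls in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name,
              "DS01:", ping_ok(acls, HOST10, "vlan10", DS01_MGMT, "vlan99", True),
              "U_AS01:", ping_ok(acls, HOST10, "vlan10", AS01_MGMT, "vlan99"),
              "vlan11:", ping_ok(acls, HOST10, "vlan10", HOST11, "vlan11"))
```

In this model the original config stops the ping to U_AS01 only because the echo reply hits the implicit deny on interface vlan 99, which also drops every other routed packet sourced from the management VLAN. With the accepted answer's ACL the request itself is dropped where it enters, including requests addressed to DS01's own management address.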


3 Replies

Hi Reza Sharifi

So many thanks, it is working great

Best regards

Benjamin

Glad to help Ben.

Thanks for the rating

Reza
