Access List

rzt.roet53
Level 1

Hi everyone,

I have got two vlans:

VLAN1 and VLAN2

I want to access only one PC (192.168.206.20) in VLAN2 from devices in VLAN1 and want to deny access to the other devices in VLAN2.

I tried with access list as below:

ip access-list extended VLAN1

permit ip any host 192.168.206.20

deny ip any any

 

Int vlan1

ip access-group VLAN1 out

 

But it's not working.

Where did I go wrong?

Thanks

 


Jon Marshall
Hall of Fame

 

Assuming 192.168.206.20 is in vlan 2 then you should apply the acl to the vlan 2 interface, i.e.

 

int vlan 2
ip access-group VLAN1 out

 

An acl applied inbound applies to traffic from the clients in that vlan and an acl applied outbound is for traffic to those clients.

 

Jon

ip access-list extended VLAN1

permit ip any host 192.168.206.20 -> permit ip host 192.168.206.20 any      <- this change only

deny ip any any

 

Int vlan1

ip access-group VLAN1 out

Jon Marshall
Hall of Fame

 

That won't stop any client in vlan 1 sending traffic to vlan 2 devices which is the original requirement. 

 

It will block return traffic but some traffic does not need the return traffic, e.g. SNMP commands etc.

 

Jon
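The three configurations discussed in the thread up to this point, modeled as an added example (not code from any poster): a small Python simulation of how ACLs bound to SVIs filter packets routed between the two VLANs. The VLAN 1 subnet 192.168.205.0/24, the /24 mask on VLAN 2, and the client and "other" host addresses are assumptions; the thread only gives 192.168.206.20.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (not stated in the thread): one /24 per VLAN.
SVI = {"vlan1": ip_network("192.168.205.0/24"),
       "vlan2": ip_network("192.168.206.0/24")}
ANY = ip_network("0.0.0.0/0")
PC = ip_network("192.168.206.20/32")

def svi_of(addr):
    """Return the SVI whose subnet contains addr."""
    return next(n for n, net in SVI.items() if ip_address(addr) in net)

def acl_permits(acl, src, dst):
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for action, s, d in acl:
        if ip_address(src) in s and ip_address(dst) in d:
            return action == "permit"
    return False

def routed(bindings, src, dst):
    """True if a packet routed between SVIs survives the bound ACLs.
    'in' is checked on the source SVI, 'out' on the destination SVI."""
    for intf, direction in ((svi_of(src), "in"), (svi_of(dst), "out")):
        acl = bindings.get((intf, direction))
        if acl is not None and not acl_permits(acl, src, dst):
            return False
    return True

def session(bindings, client, server):
    """(request forwarded, reply forwarded) for VLAN1 client -> VLAN2 server."""
    return routed(bindings, client, server), routed(bindings, server, client)

TO_PC = [("permit", ANY, PC), ("deny", ANY, ANY)]    # permit ip any host .20
FROM_PC = [("permit", PC, ANY), ("deny", ANY, ANY)]  # permit ip host .20 any

CONFIGS = {
    "original: to-PC ACL, vlan1 out": {("vlan1", "out"): TO_PC},
    "first reply: to-PC ACL, vlan2 out": {("vlan2", "out"): TO_PC},
    "second reply: from-PC ACL, vlan1 out": {("vlan1", "out"): FROM_PC},
}

if __name__ == "__main__":
    client, pc, other = "192.168.205.10", "192.168.206.20", "192.168.206.30"
    for name, b in CONFIGS.items():
        print(name, "| PC:", session(b, client, pc),
              "| other:", session(b, client, other))
```

The model covers only traffic routed between the two SVIs; traffic that stays inside one VLAN never reaches an SVI ACL.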

 

 

@rzt.roet53 @Jon Marshall 

It depends on this host (192.168.206.20): is it in VLAN 1 or VLAN 2?

 

Jon Marshall
Hall of Fame

 

Agreed, it does depend on which vlan that host is in. 

 

Jon

Hello
It seems like this post is just an extension from a previous post - here


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul