03-20-2024 03:24 AM - edited 03-20-2024 03:29 AM
Hi guys!
I have a use case where I'm using an L3 core switch (IP services) and I have 5 VLANs; their names are 10, 20, 30, 40, 50.
VLANs 10-40 are for staff and number 50 is for guests, with the range for guests (172.16.160.x to 172.16.191.x).
I have Wi-Fi devices for each VLAN.
My question is: how can I prevent every user in VLAN 50 (guests) from accessing internal company sites, allowing them to use just the internet (Google, YouTube, etc.)?
I know I should use an ACL, but how?
Kind regards
03-20-2024 06:22 AM
ACL is one way, but I think most people will recommend using VLAN ACL - VLAN access maps.
Regards, ML
**Please Rate All Helpful Responses**
03-21-2024 12:23 AM
Thank you, I'll read about it.
03-20-2024 07:11 AM
One possible method would be to have both in and out ACLs on your guest gateways (likely the SVI for VLAN 50) blocking IPs in your internal IP address range(s).
The foregoing answers the conceptual how, but if the concept is unclear or you need help with the actual config, let us know.
03-21-2024 12:31 AM
Yes, I need the configuration. For example, let's say I have these subnets:
192.168.1.x/24 vlan 10
192.168.2.x/24 vlan 20
192.168.3.x/24 vlan 30
192.168.4.x/24 vlan 40
192.168.5.x/24 vlan 50
192.168.6.x/24 vlan 60
192.168.7.x/24 vlan 70
I want to prevent 192.168.7.x/24 VLAN 70 users from accessing internal company sites and other VLANs; they should just be allowed to use the internet.
03-21-2024 08:27 AM
! Inbound on the guest SVI: drop guest traffic destined for the internal subnets
ip access-list extended BlockIn
 deny ip any 192.168.1.0 0.0.0.255
 deny ip any 192.168.2.0 0.0.0.255
 deny ip any 192.168.3.0 0.0.0.255
 deny ip any 192.168.4.0 0.0.0.255
 deny ip any 192.168.5.0 0.0.0.255
 deny ip any 192.168.6.0 0.0.0.255
 permit ip any any
!
! Outbound on the guest SVI: drop traffic from the internal subnets toward guests
ip access-list extended BlockOut
 deny ip 192.168.1.0 0.0.0.255 any
 deny ip 192.168.2.0 0.0.0.255 any
 deny ip 192.168.3.0 0.0.0.255 any
 deny ip 192.168.4.0 0.0.0.255 any
 deny ip 192.168.5.0 0.0.0.255 any
 deny ip 192.168.6.0 0.0.0.255 any
 permit ip any any
!
interface Vlan70
 ip access-group BlockIn in
 ip access-group BlockOut out
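
Added example, not part of the thread or any poster's configuration: a small Python check that evaluates the BlockIn and BlockOut entries above with first-match and wildcard-mask semantics, so the intended guest isolation can be verified before the ACLs are applied. The host addresses used (192.168.7.25, 192.168.1.10, 192.168.3.5, 198.51.100.7 as a stand-in internet host, and 10.0.0.5) are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _spec(tokens):
    """Consume one address spec ('any' or 'ADDR WILDCARD'); return it and the rest."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]

def parse_acl(lines):
    """Parse 'permit|deny ip <src> <dst>' entries, keeping their order."""
    rules = []
    for line in lines:
        action, _proto, *rest = line.split()
        src, rest = _spec(rest)
        dst, _ = _spec(rest)
        rules.append((action, src, dst))
    return rules

def _match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are ignored; only the 0 bits must be equal.
    return ((_ip(ip) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action
    return "deny"

# The two ACLs from the reply above, rebuilt entry for entry.
BLOCK_IN = parse_acl([f"deny ip any 192.168.{n}.0 0.0.0.255" for n in range(1, 7)]
                     + ["permit ip any any"])
BLOCK_OUT = parse_acl([f"deny ip 192.168.{n}.0 0.0.0.255 any" for n in range(1, 7)]
                      + ["permit ip any any"])

def guest_verdicts(guest="192.168.7.25"):  # constructed VLAN 70 host
    return {
        "guest -> VLAN 10 host": evaluate(BLOCK_IN, guest, "192.168.1.10"),
        "guest -> internet host": evaluate(BLOCK_IN, guest, "198.51.100.7"),
        "VLAN 30 host -> guest": evaluate(BLOCK_OUT, "192.168.3.5", guest),
        "internet host -> guest": evaluate(BLOCK_OUT, "198.51.100.7", guest),
        # Constructed internal address whose prefix is not on the deny list.
        "guest -> unlisted 10.0.0.5": evaluate(BLOCK_IN, guest, "10.0.0.5"),
    }
```

The last entry evaluates to `permit`: the closing `permit ip any any` lets guests reach any internal prefix the deny list does not name, so the list has to cover every internal range in use.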