Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1059
Views
3
Helpful
7
Replies

Catalyst C9200CX ACL with Different VLAN

CyberSafekeeper
Level 1
Level 1

‎08-06-2024 09:37 AM

Dear Gents,

i have a switch with the following configuration 

VLAN "servers " with ID 2 with access type assigned on Switch port 1,2,3 >> These ports connected to server 1 and server 2 and server 3

VLAN "Printer" with ID 3 access type assigned on Switch port 4>> These ports connected to Printer 1

I want servers 1 and 2 only to print on the printer and prohibit Server 3 from this

I have put the gateway IP on both VLAN configurations in advanced settings and tried ACL and routing without any luck

kindly I need your support in detailed steps for this configuration

Regards

Labels:
0 Helpful
7 Replies 7

Flavio Miranda
VIP
VIP

‎08-06-2024 10:29 AM

Hello @CyberSafekeeper 

   First you can create an Access-List:

ip access-list standard 20

    deny ip host  <server´s ip address>  <printer´s ip address>

   permit ip any any

then, you need to apply the access-list on the interface.

interface  <printer´s interface>

   ip access-group 20 in

 

 

 

CyberSafekeeper
Level 1
Level 1
In response to Flavio Miranda

‎08-06-2024 11:18 AM

Thanks for your fast reply . but do not I need to enable routing between the two VLANs as they are not different subnets?

0 Helpful

Flavio Miranda
VIP
VIP
In response to CyberSafekeeper

‎08-06-2024 11:32 AM

Your scenario does not require routing as all the device is connected to the switch. You can communication between them using only vlans.

 However, if you want to enable routing on the switch, you can use the command "ip routing". Just keep in mind that this may require  proper lincense.

CyberSafekeeper
Level 1
Level 1
In response to Flavio Miranda

‎08-06-2024 11:36 AM

so the access list will create inter VLAN directly and communicate between the different VLAN ID right ??

0 Helpful

CyberSafekeeper
Level 1
Level 1
In response to CyberSafekeeper

‎08-06-2024 11:38 AM

Also i want to deny any other IP other than the two servers not only the 3rd one ??

0 Helpful

Flavio Miranda
VIP
VIP
In response to CyberSafekeeper

‎08-06-2024 11:42 AM

if you want to allow only the 2 servers, and deny everything else. you need to use two lines and change from deny to permit.

ip access-list standard 20

permit ip host <server´s 1  ip address> <printer´s ip address>

permit ip host <server´s 2  ip address> <printer´s ip address>

 

then, you need to apply the access-list on the interface.

interface <printer´s interface>

ip access-group 20 in

DJW487
Level 1
Level 1

‎08-06-2024 08:18 PM

 Flavio,

If he has not enabled IP routing, then how would the servers talk from vlan 2 to vlan 3? Doesn't inter-vlan routing require 'ip routing' to be enabled, even when the switch has an SVI on both vlans?

Sounds to me like he has just configured an SVI on both vlan2 and vlan3.

0 Helpful
Customers Also Viewed These Support Documents