NB: VLAN4 is supposed to access VLAN3 and VLAN2. VLAN2 and VLAN3 should not access VLAN4.
I have tried the configs but it's not working. The access-list seems not to work. I have pasted my configurations below( my router detailsCisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sat 28-Feb-09 02:53 by weiliu
Image text-base: 0x00003000, data-base: 0x02400000
ROM: Bootstrap program is C3560E boot loader
BOOTLDR: C3560E Boot Loader (C3560E-HBOOT-M) Version 12.2(44r)SE3, RELEASE SOFTWARE (fc3))
!
interface GigabitEthernet0/1
no switchport
no ip address
!
interface GigabitEthernet0/2
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/5
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/6
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/7
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/8
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/9
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/11
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/12
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/13
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/24
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface TenGigabitEthernet0/1
!
interface TenGigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.16.1 255.255.255.240
ip access-group vlan2 in
!
interface Vlan3
ip address 192.168.32.1 255.255.255.240
ip access-group vlan2 in
!
interface Vlan4
ip address 192.168.48.2 255.255.255.240
!
ip classless
ip http server
ip http secure-server
!
ip access-list extended vlan2
permit ip 192.168.16.0 0.0.0.15 192.168.48.0 0.0.0.15
deny ip any any
ip access-list extended vlan3
permit ip 192.168.32.0 0.0.0.15 192.168.48.0 0.0.0.15
deny ip any any
