08-09-2015 08:59 PM - edited 03-08-2019 01:17 AM
Dear All,
My basic network:
HR dept: 10.20.10.0/24
Server: 10.18.200.0/24
I'd like to configure my core SW 3560 to deny access and allow only a specified IP range, like below:
Allow 10.18.200.75 - 80 to 10.20.10.5 - 6
How can I define a config on my core switch?
Any help will be appreciated.
Jacky.
08-10-2015 02:45 AM
This is just an example for you; you can tweak it to your preference, then apply the access list where you want, i.e. your SVI VLAN interfaces, to allow/deny them speaking to each other.
Allow 10.18.200.75 - 80 to 10.20.10.5 - 6
access-list 185 permit ip host 10.18.200.75 host 10.20.10.5
access-list 185 permit ip host 10.18.200.76 host 10.20.10.5
access-list 185 permit ip host 10.18.200.77 host 10.20.10.5
access-list 185 permit ip host 10.18.200.78 host 10.20.10.5
access-list 185 permit ip host 10.18.200.79 host 10.20.10.5
access-list 185 permit ip host 10.18.200.80 host 10.20.10.5
access-list 185 permit ip host 10.18.200.75 host 10.20.10.6
access-list 185 permit ip host 10.18.200.76 host 10.20.10.6
access-list 185 permit ip host 10.18.200.77 host 10.20.10.6
access-list 185 permit ip host 10.18.200.78 host 10.20.10.6
access-list 185 permit ip host 10.18.200.79 host 10.20.10.6
access-list 185 permit ip host 10.18.200.80 host 10.20.10.6
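! server VLAN: traffic from the servers enters this SVI, so the ACL is applied inbound
interface vlan 12
 ip access-group 185 in
! HR VLAN: traffic towards the HR hosts leaves this SVI, so the ACL is applied outbound
interface vlan 13
 ip access-group 185 out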
08-10-2015 02:59 AM
Hi mark malone,
Anyway, thank you for your quick support. Maybe there is some misunderstanding here...
Let's say that my purpose is to reduce the access list lines, and I don't want to define a lot of access-list entries.
Regards,
Jacky
08-10-2015 03:11 AM
Unfortunately there is no range command for an ACL; the only range statement available is at the end of an ACL for ports, that I'm aware of anyway.
You could use the wildcard to try and create the range instead, from part of a larger subnet. Here are some example links below that may help.
examples
http://www.omnisecu.com/cisco-certified-network-associate-ccna/access-control-list-acl-wildcard-masks.php
http://blog.ine.com/2007/12/26/q-how-do-i-compute-complex-wildcard-masks-for-access-lists/
https://learningnetwork.cisco.com/thread/30226
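The wildcard approach suggested in the reply above, worked through for the ranges in this thread. This is an added example, not part of the original posts: it splits each range into the fewest aligned blocks, emits the ACL lines, and checks with IOS wildcard logic that nothing outside the requested range is permitted. The function names are assumptions made for illustration; ACL number 185 and the addresses come from the thread.

```python
import ipaddress

def range_to_acl_terms(first, last):
    """Split an inclusive IPv4 range into the fewest aligned blocks and
    return each as an IOS ACL address term ('host A' or 'A WILDCARD')."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    terms = []
    for net in blocks:
        if net.prefixlen == 32:
            terms.append(f"host {net.network_address}")
        else:
            # hostmask is the inverse of the netmask, i.e. the ACL wildcard
            terms.append(f"{net.network_address} {net.hostmask}")
    return terms

def term_matches(term, addr):
    """Apply IOS wildcard logic: bits set in the wildcard are 'don't care'."""
    parts = term.split()
    base, wild = (parts[1], "0.0.0.0") if parts[0] == "host" else parts
    diff = int(ipaddress.IPv4Address(base)) ^ int(ipaddress.IPv4Address(addr))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return (diff & care) == 0

def permitted_in_subnet(terms, subnet):
    """List every address in subnet matched by at least one term, to confirm
    the wildcard entries do not permit more than the requested range."""
    return [str(a) for a in ipaddress.ip_network(subnet)
            if any(term_matches(t, str(a)) for t in terms)]

def build_acl(number, src_range, dst_range):
    """Cross every source term with every destination term."""
    src_terms = range_to_acl_terms(*src_range)
    dst_terms = range_to_acl_terms(*dst_range)
    return [f"access-list {number} permit ip {s} {d}"
            for d in dst_terms for s in src_terms]

# Ranges and ACL number taken from the thread
ACL_LINES = build_acl(185, ("10.18.200.75", "10.18.200.80"),
                      ("10.20.10.5", "10.20.10.6"))

if __name__ == "__main__":
    print("\n".join(ACL_LINES))
```

Addresses .76 to .79 collapse into one entry with wildcard 0.0.0.3, while .75, .80, .5 and .6 do not sit on an aligned boundary and stay as host entries, so the twelve lines become six.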
08-10-2015 08:53 PM
Thank you for your support, mark malone.