01-12-2018 02:34 AM - edited 03-08-2019 01:23 PM
Dear all,
I am a newbie in the Cisco world and I've encountered a problem.
In our company there are several different VLANs, one of which, for example the VLAN 1 (192.168.1.0), allows wireless devices to access only some local Virtual machine's IP addresses.
The problem is that I have changed these VMs' IPs and consequently the connected wireless devices cannot find the VMs.
So I logged into my Core Switch and I gave "show access-list" on the CLI with the following results:
Extended IP access list vlan1-to-vlanX
- 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
- 20 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.4
...and so on up to
- 80 deny ip any any (39 matches)
To solve the problem and modify the destination IP addresses I thought to give these commands:
--------------------------------------------
"conf t"
"no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3"
"^Z"
"conf t"
"10 permit ip 192.168.1.0 0.0.0.255 host 192.168.X.X"
----------------------------------------------
Is that right?
Thank you very much in advance for your cooperation
01-12-2018 02:48 AM
I am not an expert at this but I would do it like this...
en
conf t
-Enter the specific access-list as there can be many configured i.e
Extended IP access list vlan1-to-vlanX
-Delete the unwanted acl i.e
no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
-verify with show command that the acl is deleted.
Then you can add your new permit entry.
Tip: Use a destination subnet address if you can instead of mentioning individual IP addresses.
Google subnet-calculator and use it...
01-12-2018 03:16 AM
Thank you for your answer @mateens
However when I apply that, it returns the following error:
en
conf t
Enter configuration commands, one per line. End with CNTL/Z.
sc1(config)#Extended IP access list vlan1-to-vlanX
^
% Invalid input detected at '^' marker.
If I give this directly, it returns this error:
sc1(config)#no 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
^
% Invalid input detected at '^' marker.
01-12-2018 03:06 AM - edited 01-12-2018 03:06 AM
Hello
You're nearly correct, just a slight change
sh ip access-list vlan1-to-vlan
conf t
ip access-list extended vlan1-to-vlan
no 10
10 permit ip 192.168.1.0 0.0.0.255 host 192.168.X.X
exit
res
Paul
01-12-2018 03:26 AM
Thank you, worked like a charm!
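An added example, not part of the thread and not Cisco code: a small Python first-match evaluator for the entry format in the question's "show access-list" output, for checking before and after an edit which flows the ACL permits. The address 192.168.2.13 and the 0.0.0.15 wildcard entry are constructed sample values; the subnet variant shows that a wildcard destination also permits neighbouring addresses such as 192.168.2.9 that the per-host entries deny.

```python
import ipaddress
import re

def _spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tokens.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0))))

def parse_acl(text):
    """Parse 'SEQ permit|deny ip SRC DST' lines, sorted by sequence number."""
    entries = []
    for line in text.splitlines():
        # Drop the hit counter and the list bullet copied from the forum post.
        line = re.sub(r"\(\d+ match(es)?\)", "", line).strip(" -")
        m = re.match(r"(\d+)\s+(permit|deny)\s+ip\s+(.+)", line)
        if m:
            tokens = m.group(3).split()
            entries.append((int(m.group(1)), m.group(2), _spec(tokens), _spec(tokens)))
    return sorted(entries)

def _hit(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(entries, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for seq, action, s, d in entries:
        if _hit(s, src) and _hit(d, dst):
            return action, seq
    return "deny", None

# Constructed sample data: BEFORE follows the thread's output; 192.168.2.13 and
# the 0.0.0.15 wildcard are made-up values standing in for the new VM address.
BEFORE = """Extended IP access list vlan1-to-vlanX
 - 10 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.3
 - 20 permit ip 192.168.1.0 0.0.0.255 host 192.168.2.4
 - 80 deny ip any any (39 matches)"""
AFTER = BEFORE.replace("host 192.168.2.3", "host 192.168.2.13")
SUBNET = BEFORE.replace("host 192.168.2.3", "192.168.2.0 0.0.0.15")

if __name__ == "__main__":
    for name, acl in (("before", BEFORE), ("after", AFTER), ("subnet", SUBNET)):
        for dst in ("192.168.2.3", "192.168.2.13", "192.168.2.9"):
            print(name, dst, evaluate(parse_acl(acl), "192.168.1.50", dst))
```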