10-13-2021 08:13 AM - edited 10-13-2021 08:44 AM
10-13-2021 11:04 AM
Hello,
the below should work:
ip access-list extended DMZDeny
! DHCP requests from clients go to UDP port 67 (bootps)
10 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
20 deny ip 10.1.40.0 0.0.0.255 10.1.10.0 0.0.0.255
30 deny ip 10.1.40.0 0.0.0.255 10.1.20.0 0.0.0.255
40 deny ip 10.1.40.0 0.0.0.255 10.1.30.0 0.0.0.255
! sequence numbers must be unique, so the final permit is 50
50 permit ip 10.1.40.0 0.0.0.255 any
!
interface vlan 40
ip access-group DMZDeny in
10-14-2021 05:44 AM - edited 10-14-2021 05:45 AM
I played with it for a while through the web ui and I think I got it. It doesn't match what you have exactly but it's close and it seems to work:
ip access-list extended DMZDeny
10 permit udp 10.1.40.0 0.0.0.255 eq bootps host 10.1.30.50 eq bootps
20 deny ip 10.1.40.0 0.0.0.255 10.1.10.0 0.0.0.255
30 deny ip 10.1.40.0 0.0.0.255 10.1.20.0 0.0.0.255
40 deny ip 10.1.40.0 0.0.0.255 10.1.30.0 0.0.0.255
50 permit ip 10.1.40.0 0.0.0.255 any
interface vlan 40
ip access-group DMZDeny in
Thanks! Now to figure out VoIP QoS.
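An added example, not part of either post: a small Python model of first-match ACL evaluation with Cisco wildcard masks, loaded with the entries from the post above (final permit numbered 50 so sequence numbers are unique), for checking which entry a given packet hits. The function names and the test packets are constructed for illustration, and the model covers only the matching logic, not how a particular switch handles DHCP broadcasts ahead of an ingress ACL.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    # Cisco wildcard mask: 0-bits must match, 1-bits are ignored.
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

DMZ = ("10.1.40.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")      # the "any" keyword
BOOTPS, BOOTPC = 67, 68

# (seq, action, protocol, source, source port, destination, destination port)
# A port of None means "any port".
ACL = [
    (10, "permit", "udp", DMZ, BOOTPS, ("10.1.30.50", "0.0.0.0"), BOOTPS),
    (20, "deny", "ip", DMZ, None, ("10.1.10.0", "0.0.0.255"), None),
    (30, "deny", "ip", DMZ, None, ("10.1.20.0", "0.0.0.255"), None),
    (40, "deny", "ip", DMZ, None, ("10.1.30.0", "0.0.0.255"), None),
    (50, "permit", "ip", DMZ, None, ANY, None),
]

def evaluate(acl, proto, src, sport, dst, dport):
    """Return (action, seq) of the first matching entry; seq None = implicit deny."""
    for seq, action, p, s, sp, d, dp in acl:
        if p not in ("ip", proto):
            continue
        if not (wild_match(src, *s) and wild_match(dst, *d)):
            continue
        if (sp is not None and sp != sport) or (dp is not None and dp != dport):
            continue
        return action, seq
    return "deny", None

# Constructed test packets (every address except 10.1.30.50 is made up).
PACKETS = {
    "DMZ host to VLAN 10":         ("tcp", "10.1.40.20", 40000, "10.1.10.5", 445),
    "DMZ host to internet":        ("tcp", "10.1.40.20", 40000, "203.0.113.10", 443),
    "relayed DHCP, port 67 to 67": ("udp", "10.1.40.1", BOOTPS, "10.1.30.50", BOOTPS),
    "client unicast DHCP renewal": ("udp", "10.1.40.20", BOOTPC, "10.1.30.50", BOOTPS),
    "client DHCP broadcast":       ("udp", "0.0.0.0", BOOTPC, "255.255.255.255", BOOTPS),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:30} -> {evaluate(ACL, *pkt)}")
```

Entry 10 only takes effect because it sits above entry 40; moved below it, the same permit would never be reached.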