04-09-2015 01:31 PM - edited 03-07-2019 11:28 PM
Hi,
I have a Small Business SF300-24 switch. The point is that I have 3 VLANs: VLAN 10, VLAN 20 and VLAN 30, with interface IPs 192.168.10.100/24, 192.168.20.100/24 and 192.168.30.100/24 respectively. The switch is in ROUTE mode and I have activated IP routing. With this configuration all the PCs in the different VLANs can ping each other.
My question is how I can achieve, using ACLs, that the PCs in VLAN 10 can communicate with the PCs on VLANs 20 and 30, but the PCs on VLAN 20 and VLAN 30 cannot communicate with each other.
I was trying to bind the ACL to the VLAN interface, but I think it can only be bound to a physical interface.
Thanks.
04-10-2015 03:12 AM
I think you can bind it to a VLAN interface.
Can you share your access list and the error you get when you try to bind it to the VLAN?
Thanks,
Madhu
04-10-2015 11:49 PM
04-11-2015 12:40 AM
Hello
RACLs on an SVI interface have a reverse logic, meaning:
IN = originating from within the VLAN
OUT = originating from outside the VLAN
So in the example below the inbound ACL will block communication between VLAN 20 & 30 whilst allowing all other communication.
vlan 20 = 20.20.20.0/24
vlan 30 = 30.30.30.0/24
access-list 100 deny ip any 20.20.20.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 deny ip any 30.30.30.0 0.0.0.255
access-list 101 permit ip any any
int vlan 20
ip access-group 101 in
int vlan 30
ip access-group 100 in
Regards,
Paul
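To check Paul's "reverse logic" before committing anything to a switch, here is a small first-match ACL evaluator, added as an example and not part of the thread or any vendor's software. It parses the two access lists exactly as posted above (Cisco-style wildcard masks, first match wins, implicit deny at the end), applies each ACL inbound on the SVI of the VLAN it is bound to, and prints which inter-VLAN flows survive. The host addresses (10.10.10.5, 20.20.20.5, 30.30.30.5) and the assumption that VLAN 10 has no RACL bound are constructed for the example; the evaluation logic is independent of any particular switch's CLI, so the same check works with the OP's 192.168.x.0/24 ranges by editing `ACL_TEXT` and `HOSTS`.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access control entry: action plus source/destination match specs."""
    action: str   # "permit" or "deny"
    src: str      # "any", "host A.B.C.D", or "A.B.C.D W.W.W.W" (wildcard mask)
    dst: str


def wildcard_match(addr: str, spec: str) -> bool:
    """Cisco-style match: a wildcard bit of 1 means 'don't care'; 0 bits must match."""
    if spec == "any":
        return True
    parts = spec.split()
    if parts[0] == "host":
        return addr == parts[1]
    net, wild = parts
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(net))
    w = int(ipaddress.IPv4Address(wild))
    care = ~w & 0xFFFFFFFF          # bits the ACE actually checks
    return (a & care) == (n & care)


def take_spec(tokens):
    """Consume one address spec from the token list; return (spec, remaining)."""
    if tokens[0] == "any":
        return "any", tokens[1:]
    if tokens[0] == "host":
        return f"host {tokens[1]}", tokens[2:]
    return f"{tokens[0]} {tokens[1]}", tokens[2:]


def parse_ace(line: str):
    """Parse 'access-list <n> <permit|deny> ip <src> <dst>'; return (acl name, Ace)."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError(f"unsupported ACE syntax: {line!r}")
    src, rest = take_spec(tokens[4:])
    dst, _ = take_spec(rest)
    return tokens[1], Ace(tokens[2], src, dst)


def load_acls(text: str):
    """Group ACEs by access-list number, preserving their order."""
    acls = {}
    for line in text.strip().splitlines():
        name, ace = parse_ace(line)
        acls.setdefault(name, []).append(ace)
    return acls


def evaluate(acl, src: str, dst: str) -> str:
    """First matching ACE decides; an ACL with no match ends in an implicit deny."""
    for ace in acl:
        if wildcard_match(src, ace.src) and wildcard_match(dst, ace.dst):
            return ace.action
    return "deny"


# The two access lists exactly as posted in the reply above.
ACL_TEXT = """
access-list 100 deny ip any 20.20.20.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 deny ip any 30.30.30.0 0.0.0.255
access-list 101 permit ip any any
"""

# Bindings from the reply: "in" on an SVI filters traffic that originates inside that VLAN.
BINDINGS = {"vlan20": "101", "vlan30": "100"}

# Constructed sample hosts, one per VLAN (assumption: VLAN 10 has no RACL bound).
HOSTS = {"vlan10": "10.10.10.5", "vlan20": "20.20.20.5", "vlan30": "30.30.30.5"}


def flow_allowed(acls, src_vlan: str, dst_vlan: str) -> bool:
    """Apply the inbound RACL of the source VLAN's SVI (if any) to one flow."""
    acl_name = BINDINGS.get(src_vlan)
    if acl_name is None:
        return True
    return evaluate(acls[acl_name], HOSTS[src_vlan], HOSTS[dst_vlan]) == "permit"


def reachability_matrix(acls=None):
    """Return {(src_vlan, dst_vlan): allowed} for every ordered pair of VLANs."""
    acls = acls or load_acls(ACL_TEXT)
    return {(s, d): flow_allowed(acls, s, d) for s in HOSTS for d in HOSTS if s != d}


if __name__ == "__main__":
    for (s, d), ok in sorted(reachability_matrix().items()):
        print(f"{s} -> {d}: {'permit' if ok else 'deny'}")
```

Running it shows VLAN 10 reaching 20 and 30 in both directions while 20 -> 30 and 30 -> 20 are denied. Because each ACL is applied only to traffic leaving its own VLAN, the return path for the VLAN 10 flows is covered by the `permit ip any any` entries; remove either of those and the matrix immediately shows the unintended collateral denies, which is the kind of check worth running before binding an ACL on production hardware.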
04-11-2015 01:01 AM
Hi Paul,
Well, I understand what you say, but my main problem is that I cannot bind any ACL to any VLAN interface.
I'm not sure if the switch supports it, and if it doesn't I would like an alternative way to do that.
Thanks,
Alvaro