Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1818
Views
0
Helpful
4
Replies

How can I configure ACLs on VLANS?

alvarocruzesc
Level 1
Level 1

‎04-09-2015 01:31 PM - edited ‎03-07-2019 11:28 PM

Hi,

I have a small busines sf300-24 switch. The point is that I have 3 VLANs, VLAN 10, VLAN 20, VLAN 30. With an interface ip 192.168.10.100/24, 192.168.20.100/24, 192.168.30.100/24 respectively. The switch is in ROUTE mode and have activated the ip routing. With this configuration all the PCs in the different VLANS can ping each other.

My question is how can I do that by using ACLs, the PCs that are in VLAN 10 can communicate with PCs on VLANS 20 and 30, but that the PCs on vlan 20 and 30 can not communicate with each other.

I was trying to binding the ACL on the vlan interface but i think it only can be bind in a fisica interface.

 

Thanks.

Labels:
0 Helpful
4 Replies 4

Madhukrishnan Gopinathan Nair
Level 7
Level 7

‎04-10-2015 03:12 AM

I think you can bind it to vlan interface.

can you share you access list and what is the error u get when you try to bind it to vlan?

 

Thanks,

Madhu

0 Helpful

alvarocruzesc
Level 1
Level 1
In response to Madhukrishnan Gopinathan Nair

‎04-10-2015 11:49 PM

thanks for answering.

Well, I leave a document of the basic idea of the settings I want to do.

 

Preview file
434 KB
0 Helpful

paul driver
VIP
VIP
In response to alvarocruzesc

‎04-11-2015 12:40 AM

Hello

racls in SVI interface have a reverse logic meaning

IN = originating  from within the vlan

OUT = originating from outside the vlan

 

So in the example below the in bound acl will negate communication between vlan 20 & 30 Whislt allowing all other communication

 

vlan 20 = 20.20.20.0/24

vlan 30 = 30.30.30.0/24

 

access-list 100 deny IP any 20.20.20.0 0 0.0.0.255

access-list 100 permit any any

access-list 101 deny  IP any 30.30.30.0 0 0 0.0.255

access-list 101 permit  any any

 

int VLAN 20

ip acces-group 101 in

 

int vlan 30

ip access-group 100 in

 

Res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

alvarocruzesc
Level 1
Level 1
In response to paul driver

‎04-11-2015 01:01 AM

Hi Paul, 

Well, I understand what you say, but my main problem is that I can not bind any ACL with any interface vlan.

I'm not sure if the switch supports it and if it doesn´t i would like an alternative way to do that.

Thanks,

Alvaro

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card