08-03-2017 09:50 PM - edited 03-08-2019 11:36 AM
I have a router which is connected to an SG 350 switch.
The switch has VLANs 10, 20, 30.
I have 2 PCs under VLAN 20.
So, now using an extended ACL, I want to block 2 PCs under VLAN 20.
How do I do this? Please help me.
08-04-2017 12:24 AM
Hello,
What exactly do you want? Block access from any of the VLANs to those two PCs in VLAN 20? Or block access between both PCs from within VLAN 20?
Below is an example of a VLAN Access List. In this example, the PCs with IP addresses 192.168.20.1 and 192.168.20.2 cannot communicate with each other, everything else in VLAN 20 can:
ip access-list extended VLAN_ACL
 deny ip host 192.168.20.1 host 192.168.20.2
 deny ip host 192.168.20.2 host 192.168.20.1
 permit ip any any
!
vlan access-map VACL
 match ip address VLAN_ACL
 action forward
!
vlan filter VACL vlan-list 20
08-04-2017 12:35 AM
Actually, I want to block the PCs from communicating with each other within the same VLAN. This must be implemented in Cisco Packet Tracer without using a VACL; one should use only an extended ACL.
The above may be true in a real case.
Please help me.
08-04-2017 12:54 AM
Hello,
Cisco Packet Tracer does not support VACLs, so you cannot test it there. It will work though in a 'real' network.
08-05-2017 04:36 AM
Hello
"Actually, I want to block the PCs from communicating with each other within the same VLAN"
On each port:
int x/x
 switchport protected
res
Paul
08-04-2017 01:57 AM
I have 3 routers, and I want them to communicate using the NAT feature. But I should not use any routing protocols. How do I do this using NAT?
Please help me.
08-04-2017 04:27 AM
Can you post the configs of the routers, or, if it is a Packet Tracer file, the zipped .pkt?
08-04-2017 08:11 AM
08-04-2017 01:41 PM
Hello,
This should meet your requirement:
CORP 1
access-list 101 permit tcp host 192.168.201.2 host 172.22.237.17 eq www
access-list 101 deny ip any host 172.22.237.17
access-list 101 permit ip any host 172.22.237.18
interface GigabitEthernet0/0
 ip access-group 101 out
08-05-2017 09:49 PM
Yes, surely this can be implemented using routing protocols.
But I want to implement this without using any routing protocol, using only NAT/PAT concepts.
That is, I want to send the routing information using NAT/PAT concepts only.
Please help me. Thanks in advance.
08-06-2017 05:59 AM
Hello
You have asked two completely different questions in one post?
But to summarize:
1)
"Actually, I want to block the PCs from communicating with each other within the same VLAN"
On each port:
int x/x
 switchport protected
2)
"I have 3 routers, and I want them to communicate using the NAT feature. But I should not use any routing protocols. How do I do this using NAT?"
Do you need to use NAT? It doesn't state to use NAT in your task, and also it looks like the router is directly connected to the web/finance servers, so NAT wouldn't really work unless the link between CORP 1 and the switch is on a different subnet?
Below is a solution involving a 3-ACE numbered ACL that would be applied outbound on the CORP 1 router's gig0/0 interface:
access-list 100 permit tcp host 192.168.201.2 host 172.22.237.17 eq www
access-list 100 permit tcp host 198.18.132.65 host 172.22.237.18 eq www
access-list 100 permit tcp 192.168.201.0 0.0.0.255 host 172.22.237.18 eq www
int gig0/0
 ip access-group 100 out
 ip proxy-arp
int gig0/1
 no ip unreachables
no
res
Paul
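The three-ACE list in the reply above, evaluated the way IOS processes a numbered extended ACL: top-down, first match wins, implicit deny at the end. This is an added example, not part of the original thread; the parser covers only the `host`/`any`/wildcard and `eq` forms that appear on this page, and the flows checked against it are constructed.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword used in the thread's ACLs

ACL_100 = """\
access-list 100 permit tcp host 192.168.201.2 host 172.22.237.17 eq www
access-list 100 permit tcp host 198.18.132.65 host 172.22.237.18 eq www
access-list 100 permit tcp 192.168.201.0 0.0.0.255 host 172.22.237.18 eq www
"""

def _addr(tok):
    """Consume one address spec from the token list; return (base, wildcard)."""
    word = tok.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    """Parse 'access-list N action proto src dst [eq port]' lines into ACEs."""
    aces = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop 'access-list <number>'
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = _addr(tok), _addr(tok)
        port = None
        if tok and tok[0] == "eq":
            port = PORTS.get(tok[1]) or int(tok[1])
        aces.append((action, proto, src, dst, port))
    return aces

def _match(ip, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care" bits
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(aces, proto, src, dst, dport=None):
    """Return (action, ACE number) of the first match; None means implicit deny."""
    for i, (action, a_proto, a_src, a_dst, a_port) in enumerate(aces, 1):
        if a_proto not in ("ip", proto):
            continue
        if not (_match(src, a_src) and _match(dst, a_dst)):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action, i
    return "deny", None

ACES = parse(ACL_100)
```

Any flow that no ACE matches, such as ICMP from 192.168.201.2 or TCP/443 to either server, returns `("deny", None)`, which is the implicit deny at the end of the list.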