04-18-2019 03:40 AM
I have two vlans, vlan 42 and vlan 52
Vlan 42 10.10.42.0/24
Vlan 56 10.10.56.0/24
I want vlan 56 to communicate with vlan 42
I do not want vlan 42 to communicate with vlan 56
04-18-2019 03:55 AM
04-18-2019 10:52 PM
I have configured but still issue
04-18-2019 05:00 AM
Hello,
As Mark mentioned, you can write an ACL to block traffic in one direction. However, if you have a server in one vlan and users in another, putting an ACL is not going to work, as the communication needs to be bi-directional even if you only want the users to be able to initiate the connection. If this is what you are trying to achieve, you might need to look into a stateful firewall or maybe configuring NAT to mask the clients on the inside.
Hope that helps!
04-18-2019 07:08 AM
04-18-2019 10:42 PM
04-19-2019 12:41 AM - edited 04-19-2019 01:16 AM
Hello
@ramakanth wrote:
I have configured but still issue
Vlan 42 is communicating with vlan 56
but i want vlan 56 should not communicate vlan 42
Then you need to allow established TCP traffic to be able to return into vlan 42. Unfortunately this will not work for UDP, as the protocol is connectionless, so UDP can be allowed or denied
vlan 42 =192.168.42.0/24
vlan 56 =192.168.56.0/24
ip access-list extended TST
 permit tcp 192.168.56.0 0.0.0.255 any established
 deny tcp 192.168.56.0 0.0.0.255 any
 permit ip any any
int vlan 42
 ip access-group TST out
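To make the behaviour of the TST list above concrete, here is a small Python model of first-match ACL evaluation; it is an added example, not part of the original posts and not Cisco code. The host addresses and packets are constructed, and destination matching is left out because every TST entry uses `any` as destination.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str                        # "tcp" or "udp"
    src: str
    dst: str
    flags: frozenset = frozenset()    # TCP flags, e.g. {"SYN"}

# TST from the post above: (action, protocol, source network, established?)
VLAN56 = ipaddress.ip_network("192.168.56.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
TST = [
    ("permit", "tcp", VLAN56, True),
    ("deny",   "tcp", VLAN56, False),
    ("permit", "ip",  ANY,    False),
]

def evaluate(acl, pkt):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, proto, src_net, established in acl:
        if proto != "ip" and proto != pkt.proto:
            continue
        if ipaddress.ip_address(pkt.src) not in src_net:
            continue
        # 'established' is a stateless header test: ACK or RST bit set.
        if established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return action
    return "deny"

def demo():
    h42, h56 = "192.168.42.10", "192.168.56.20"   # constructed host addresses
    cases = {
        "reply SYN-ACK 56->42": Packet("tcp", h56, h42, frozenset({"SYN", "ACK"})),
        "new SYN 56->42": Packet("tcp", h56, h42, frozenset({"SYN"})),
        "UDP 56->42": Packet("udp", h56, h42),
        "bare ACK 56->42, no session": Packet("tcp", h56, h42, frozenset({"ACK"})),
    }
    return {name: evaluate(TST, p) for name, p in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:6}  {name}")
```

The last two verdicts show the limits of this approach: UDP from vlan 56 is passed by the final permit, and the flag test keeps no session state, which is why a stateful firewall was suggested earlier in the thread.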
04-19-2019 01:29 AM
The configuration which you have given me was not working
I will give you an example
I have created two vlans, vlan 42 and vlan 56
vlan 42 10.10.42.0
vlan 56 10.10.56.0
I have created 2 ACLs
ip access-list extended comm_vlan
permit ip 10.10.56.0 0.0.0.255 any
permit ip any 10.10.56.0 0.0.0.255
deny ip 10.10.42.0 0.0.0.255 10.10.56.0 0.0.0.255
permit ip 10.10.42.0 0.0.0.255 any
permit ip any any
ip access-list extended vcomm_vlan2
permit tcp 10.10.56.0 0.0.0.255 any established
deny tcp 10.10.56.0 0.0.0.255 any
permit ip any any
and
interface Vlan42
ip address 10.10.42.1 255.255.255.0
ip access-group comm_vlan in
ip access-group vcomm_vlan2 out
!
interface Vlan56
ip address 10.10.56.1 255.255.255.0
ip access-group comm_vlan in
but both vlans are communicating
but I want only vlan 42 should communicate with vlan 56
vlan 56 should not communicate with vlan 42
04-19-2019 01:40 AM
Hello
Remove the following and try again:
interface Vlan42
ip address 10.10.42.1 255.255.255.0
no ip access-group comm_vlan in
interface Vlan56
no ip access-group comm_vlan in
04-22-2019 04:37 AM
I have done but same issue occurs