Solved: Re: Inter-Vlan ACL, traffic blocked - Cisco Community

403

Views

0

Helpful

1

Replies

Hi,

I have a basic ACL to do between 2 vlans but i can't make it work.

I want that the Vlan1 only comuncate on port TCP 5090 and 5900 with vlan 4, and with no restriction with other VLANs.

I want that the Vlan 4 access to all Vlans with no restriction.

I have done :

interface Vlan1

ip address 192.168.1.199 255.255.255.0

ip access-group 110 in

interface Vlan4

ip address 192.168.4.199 255.255.255.0

access-list 110 permit tcp 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 eq 5090

access-list 110 permit tcp 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 eq 5900

access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 110 permit ip any any

From VLAN 1 to VLAN 4 it's working properly and i only have access at port 5090 and 5900.

From VLAN 4 i can no more reach VLAN 1.

What's wrong ?

Thanks for help.

1 Accepted Solution

Accepted Solutions

Since the source address of the VLAN4 intiate will change right ?

You need ACL from Souce from 192.168.4.X

Example :

access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX

access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

1 Reply 1

Since the source address of the VLAN4 intiate will change right ?

You need ACL from Souce from 192.168.4.X

Example :

access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX

access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card