10-04-2021 06:07 AM - edited 10-04-2021 06:16 AM
Hi,
I have a basic ACL to do between 2 vlans but I can't make it work.
I want that the Vlan1 only communicate on port TCP 5090 and 5900 with vlan 4, and with no restriction with other VLANs.
I want that the Vlan 4 access to all Vlans with no restriction.
I have done :
interface Vlan1
ip address 192.168.1.199 255.255.255.0
ip access-group 110 in
interface Vlan4
ip address 192.168.4.199 255.255.255.0
access-list 110 permit tcp 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 eq 5090
access-list 110 permit tcp 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255 eq 5900
access-list 110 deny ip 192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 110 permit ip any any
From VLAN 1 to VLAN 4 it's working properly and I only have access at port 5090 and 5900.
From VLAN 4 i can no more reach VLAN 1.
What's wrong ?
Thanks for help.
10-04-2021 06:48 AM
Since the source address of the VLAN4 initiate will change right ?
You need ACL from Source from 192.168.4.X
Example :
access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX
access-list 110 permit tcp 192.168.4.0 0.0.0.255 192.168.1.0 0.0.0.255 eq XXX
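Added example, not part of the thread and not Cisco's code: a small first-match evaluator run over ACL 110 as posted, showing which entry decides the traffic entering Vlan1 when a VLAN 1 host answers a session opened from VLAN 4. The host addresses, ports and the `established` variant are assumptions made for illustration, and `established` is modelled only as "ACK set".

```python
import ipaddress
from collections import namedtuple

# Constructed packet model; ack=True stands for a TCP segment with ACK set (a reply).
Packet = namedtuple("Packet", "proto src dst dport ack")

def to_int(addr):
    return int(ipaddress.ip_address(addr))

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO SRC DST [eq PORT | established]'."""
    t = line.split()[2:]
    ace = {"action": t[0], "proto": t[1], "dport": None}
    i = 2
    for side in ("src", "dst"):
        width = 1 if t[i] == "any" else 2  # "any", or address + wildcard mask
        ace[side] = None if width == 1 else (to_int(t[i]), to_int(t[i + 1]))
        i += width
    ace["established"] = t[i:] == ["established"]
    if t[i:i + 1] == ["eq"]:
        ace["dport"] = int(t[i + 1])
    return ace

def addr_match(spec, addr):
    if spec is None:  # "any"
        return True
    care = ~spec[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (to_int(addr) & care) == (spec[0] & care)

def evaluate(acl, pkt):
    """First match wins; returns (action, entry number), 0 = implicit deny."""
    for n, a in enumerate(map(parse_ace, acl), 1):
        if (a["proto"] in ("ip", pkt.proto) and a["dport"] in (None, pkt.dport)
                and addr_match(a["src"], pkt.src) and addr_match(a["dst"], pkt.dst)
                and (pkt.ack or not a["established"])):
            return a["action"], n
    return "deny", 0

NET = "192.168.1.0 0.0.0.255 192.168.4.0 0.0.0.255"  # VLAN 1 -> VLAN 4
ACL_110 = [f"access-list 110 permit tcp {NET} eq 5090",  # the question's four entries
           f"access-list 110 permit tcp {NET} eq 5900",
           f"access-list 110 deny ip {NET}",
           "access-list 110 permit ip any any"]
# Assumed variant, not from the thread: let TCP replies out of VLAN 1 first.
ACL_EST = [f"access-list 110 permit tcp {NET} established"] + ACL_110
# Constructed packets as they arrive inbound on interface Vlan1.
VNC_SYN = Packet("tcp", "192.168.1.10", "192.168.4.20", 5900, False)
REPLY = Packet("tcp", "192.168.1.10", "192.168.4.20", 51000, True)
PING_REPLY = Packet("icmp", "192.168.1.10", "192.168.4.20", None, False)
print(evaluate(ACL_110, REPLY), evaluate(ACL_EST, REPLY))
```

In the `established` variant, non-TCP replies such as the constructed `PING_REPLY` still fall through to the deny entry.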