10-26-2010 01:13 PM - edited 03-06-2019 01:44 PM
Hi Experts,
I have a basic question; I am a bit confused about the scenario below:
1) There are 3 LANs: A, B, C
2) VLAN B & C cannot access VLAN A
3) but VLAN A should be allowed to access servers in VLAN B & C.
I have to implement this on a switch.
Thanks in advance,
Mazhar
10-26-2010 01:23 PM
You would implement this with access lists on your VLAN routing interfaces. For example, say the VLANs are 100, 101, 102. You would have routing interfaces to facilitate routing between VLANs that look something like the following:
interface vlan 100
 ip address 192.168.0.1 255.255.255.0
interface vlan 101
 ip address 192.168.1.1 255.255.255.0
interface vlan 102
 ip address 192.168.2.1 255.255.255.0
To add access filtering, simply add an access list like so:
interface vlan 100
 ip access-group FILTER in
You would define the FILTER access list to permit the desired subnets and deny the undesirable subnets.
10-26-2010 02:26 PM
Thanks Jason,
If I have understood correctly, then in this case I'll deny traffic sourced from 101 & 102 towards VLAN 100,
but I want VLAN 100 to access 101 and 102, so in the above case return traffic from VLAN 101 & 102 towards 100 will be denied.
My requirement is that 101 & 102 should not access 100, but 100 should access 101 & 102.
10-26-2010 06:22 PM
You can use an access list with the 'established' keyword.
Alternatively, you can look into reflexive access lists.
http://www.firstdigest.com/2009/03/cisco-how-to-use-reflexive-access-list-and-why-they-are-useful/
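Added example (not part of the original posts): the two options named in the last reply, written out for the VLAN 100/101/102 addressing used earlier in the thread. The ACL names TO-VLAN100, VLAN100-IN, VLAN100-OUT and VLAN100-SESSIONS are made up for illustration, and reflexive ACL support on the switch platform in question is an assumption to verify before choosing option 2.

```cisco
! Constructed example: VLAN 100 = 192.168.0.0/24, VLAN 101 = 192.168.1.0/24,
! VLAN 102 = 192.168.2.0/24. ACL names are hypothetical. Use ONE option, not both.
!
! --- Option 1: 'established' keyword (TCP only, stateless) ---
! Applied outbound on the VLAN 100 SVI, i.e. to traffic routed towards VLAN 100.
ip access-list extended TO-VLAN100
 remark Replies to TCP sessions opened from VLAN 100 (ACK or RST set)
 permit tcp 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255 established
 permit tcp 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255 established
 remark Anything else from VLAN 101/102 towards VLAN 100 is dropped
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
 remark Other sources are left unfiltered here (a design choice of this example)
 permit ip any any
!
interface vlan 100
 ip access-group TO-VLAN100 out
!
! --- Option 2: reflexive ACL (per-session return entries) ---
! Inbound on the SVI: traffic leaving VLAN 100 creates temporary entries.
ip access-list extended VLAN100-IN
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 reflect VLAN100-SESSIONS
 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 reflect VLAN100-SESSIONS
 permit ip any any
!
! Outbound on the SVI: only return traffic matching a reflected entry passes.
ip access-list extended VLAN100-OUT
 evaluate VLAN100-SESSIONS
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip any any
!
interface vlan 100
 ip access-group VLAN100-IN in
 ip access-group VLAN100-OUT out
```

With option 1, `established` only checks for the ACK or RST flag rather than tracking real connection state, and it passes no UDP or ICMP replies, so pings and DNS lookups from VLAN 100 into 101/102 will fail. Option 2 covers those protocols as well; `show ip access-lists` shows the temporary reflected entries and the hit counters on the deny lines.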