Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1207
Views
0
Helpful
0
Replies

Inter Vlan rouiting using cisco 2911 router and Hp procurve 2626-pwr(J8164A)

Zia ul huque Nahooran
Level 1
Level 1

‎01-29-2017 01:10 AM - edited ‎03-08-2019 09:06 AM

I created the intervlan routing using cisco 2911 router and hp procurve 2626 switch

I have four vlans , 10,20,30,40 respectively.

I want to

1. vlan 10 to access all vlans, Vlan 20 isolated.

2. then i want to access vlan 40 from vlan 30, but restrict vlan 30 from vlan 40.

Here the configuration:

Cisco2911

Router#sh run
Building configuration...

Current configuration : 2011 bytes
!
! Last configuration change at 07:52:09 UTC Sun Jan 29 2017
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2911/K9
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.10.20.2 255.255.255.0
 ip access-group 120 in
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.10.30.2 255.255.255.0
 ip access-group 130 in
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 10.10.40.2 255.255.255.0
 ip access-group 140 in
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
access-list 120 deny   ip 10.10.20.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 120 permit ip any any
access-list 130 deny   ip 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 130 deny   ip 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip any any
access-list 140 deny   ip 10.10.40.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 140 deny   ip 10.10.40.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 140 deny   ip 10.10.40.0 0.0.0.255 10.10.30.0 0.0.0.255
access-list 140 permit ip any any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

/////

But after creating the access list, both side access between both the vlan is getting blocked.

Please help me on this.

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card