Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
1
Replies

Inter-Vlan Routing Acls

jfinnigan1
Level 1
Level 1

‎07-12-2013 11:33 AM - edited ‎03-07-2019 02:22 PM

Hello,

I have my Cisco 2800 Configured with Sub-intefaces, and I would like do do inter-vlan router but only in certian conditions.

SubIntefaces

0/0.1 Vlan 10 Staff (IP 10.10.100.1 255.255.255.0)

0/0.2 Vlan 20 Voice (IP 10.20.100.1 255.255.255.0)

0/0.3 Vlan 30 Public (IP 10.30.100.1 255.255.255.0)

0/0.3 Vlan 40 DMZ  (IP 10.40.100.1 255.255.255.0)

Staff Should be able to acess the following vlans:

Voice

Public

DMZ

No vlans should be able to access staff. No other vlans should be able to acess another one.

I believe I would use the Establish option. But I can't seem to get it working. Can you give me a sample config of what I need to enter?

Labels:
0 Helpful
1 Reply 1

thomas.g.fan
Level 1
Level 1

‎07-14-2013 07:33 PM

I would say it could be extremely easy to accomplished if you replace your 2800 router with a Cisco ASA firewall. But that was not what you asking. AFAIK, established option in cisco router ios could only apply to tcp connections so udp and icmp are still permitted even your configuration works.

to verify if established option works you could try to deny your telnet/ssh/remote desktop into your cisco device or windows server/pc in another subnet:

ip access-list extended TEST_EST

deny tcp host YOUR_CISCO_DEVICE host YOUR_PC eq 23 established

#deny TCP establishment between test device and your pc. change 23 to different port numbers if you want to try with other protocol. 80 for web, 3389 for remote desktop

permit ip any any

permit icmp any any

#this two lines are used so that end user will not be disconnected from network

then apply this access-list to the subinterface where target device locates

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card