06-03-2010 07:28 AM - edited 03-06-2019 11:24 AM
Dears,
Can anybody help me with an access list to restrict VLANs in my core switch? I have a 3750 core switch with 7 VLANs created.
interface Vlan1
description core & mangment
ip address 10.1.2.1 255.255.255.0
!
interface Vlan2
description edge switch
ip address 10.1.3.1 255.255.255.0
!
interface Vlan3
description wireless AP
ip address 10.1.5.1 255.255.255.0
!
interface Vlan4
description Printers & Door Access
ip address 10.1.7.1 255.255.255.0
!
interface Vlan5
description PBAX & IP Telephone
ip address 10.1.9.1 255.255.255.0
!
interface Vlan6
description Servers Vlan
ip address 10.1.10.1 255.255.255.0
!
interface Vlan7
description Desktops Vlan
ip address 10.1.20.1 255.255.255.0
!
interface Vlan8
ip address 10.1.11.2 255.255.255.0 secondary
ip address 10.1.1.2 255.255.255.0
!
interface Vlan31
ip address 10.1.31.1 255.255.255.0
!
interface Vlan10
no ip address
I have a DHCP configuration for VLAN 31.
I need to restrict VLAN 31 from all these VLANs. I configured an access list on the core switch like this, but it will not take a DHCP IP address.
configuration:
access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.10.0 0.0.0.255
access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.20.0 0.0.0.255
access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.9.0 0.0.0.255
access-list 101 permit ip 10.1.31.0 0.0.0.255 any
Apply this access-list 101 on the VLAN 31 interface:
interface vlan31
ip access-group 101 in
end
Can anybody help with this issue? Waiting for your reply.
Regards to all
06-03-2010 07:32 AM
Hello,
You need an ACL line like the following:
access-list 101 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
because booting hosts use 0.0.0.0 as the source address in the DHCP request and 255.255.255.255 as the destination.
You will also need an ip helper-address
to have the router relay DHCP requests to a distant DHCP server.
Hope to help
Giuseppe
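As an added illustration (not code from this thread, from Cisco, or from Giuseppe), a small Python model of how a numbered extended ACL is evaluated, run over ACL 101 exactly as posted and over the same list with the entry from the reply placed in front of it. It shows why the DHCP DISCOVER from a client that has no address yet never matches the permit for 10.1.31.0/24 and falls to the implicit deny, and why the bootpc/bootps entry fixes that. The model implements IOS semantics only as far as these entries need; the client, server and outside addresses in the sample packets are constructed.

```python
import ipaddress
# Toy evaluator for Cisco IOS extended ACLs written for this thread (not IOS code; only the keywords
# used here). Entries are tested top-down, first match wins, unmatched packets hit the implicit deny.
PORTS = {"bootps": 67, "bootpc": 68}
_ip = lambda s: int(ipaddress.IPv4Address(s))

def _parse_addr(t, i):
    """'any' | 'host A' | 'A WILDCARD' at t[i] -> ((addr, wildcard), next index)."""
    if t[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if t[i] == "host":
        return (_ip(t[i + 1]), 0), i + 2
    return (_ip(t[i]), _ip(t[i + 1])), i + 2

def _parse_port(t, i):  # optional 'eq PORT' at t[i] -> (port or None, next index)
    if i < len(t) and t[i] == "eq":
        return PORTS.get(t[i + 1]) or int(t[i + 1]), i + 2
    return None, i

def parse_ace(line):
    """'access-list N permit|deny PROTO SRC [eq P] DST [eq P]' -> dict."""
    t = line.split()
    src, i = _parse_addr(t, 4)
    sport, i = _parse_port(t, i)
    dst, i = _parse_addr(t, i)
    dport, _ = _parse_port(t, i)
    return {"action": t[2], "proto": t[3], "src": src, "sport": sport, "dst": dst, "dport": dport}

def _addr_match(spec, pkt_addr):
    addr, wildcard = spec  # wildcard bits set to 1 are "don't care", as in IOS
    return (addr ^ pkt_addr) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(acl, pkt):
    """pkt = (proto, src, sport, dst, dport) -> 'permit' or 'deny'."""
    proto, src, sport, dst, dport = pkt
    for ace in map(parse_ace, acl):
        if (ace["proto"] in ("ip", proto) and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)
                and _addr_match(ace["src"], _ip(src)) and _addr_match(ace["dst"], _ip(dst))):
            return ace["action"]
    return "deny"  # implicit deny at the end of every IOS ACL
# ACL 101 as posted (stray '#' marks dropped); ACL_FIXED puts the reply's entry in front of it.
ACL_AS_POSTED = ["access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.10.0 0.0.0.255",
                 "access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.20.0 0.0.0.255",
                 "access-list 101 deny ip 10.1.31.0 0.0.0.255 10.1.9.0 0.0.0.255",
                 "access-list 101 permit ip 10.1.31.0 0.0.0.255 any"]
ACL_FIXED = ["access-list 101 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps"] + ACL_AS_POSTED
# Constructed packets: a DHCP DISCOVER (no lease yet), then two flows from a leased VLAN 31 client.
DHCP_DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)
TO_SERVER_VLAN = ("tcp", "10.1.31.50", 40000, "10.1.10.5", 443)
TO_OUTSIDE = ("tcp", "10.1.31.50", 40001, "203.0.113.10", 443)  # 203.0.113.0/24 is documentation space
```

The inbound ACL on interface vlan31 sees the DISCOVER with its 0.0.0.0 source before any lease exists, so the permit for 10.1.31.0/24 cannot match it; the relay via ip helper-address only comes into play once the packet is accepted.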
06-03-2010 07:46 AM
Hi Guislar,
I mean all configuration is perfect and I just need to add the one more access list entry which you defined, and in the DHCP pool I have to define the IP helper address. That's it.
I have one more doubt: in VLAN 6 I have DNS servers, and I need to give VLAN 31 access to only two DNS servers (10.1.6.232, 10.1.6.233) so they can communicate. How can I use an access list to permit VLAN 31 to access these two IP addresses only, with all others denied?
I will try this configuration and update you soon.
Thanks a lot, Guislar.
regards