Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
348
Views
4
Helpful
1
Replies

Need to hid general VLAN from management VLANs.

MatthewN37
Level 1
Level 1

‎07-25-2012 06:14 AM - edited ‎03-07-2019 07:58 AM

Hi I’m not too experienced with ACL’s so I come here seeking your help.

Recently we had a security audit performed and one of the items that was highlighted was that the production VLAN can see the management VLANs (ie SAN, VM host, Security Cameras). So I need to block this access with a ACL for the majority of our users but still need to exclude some members of our department.

So after doing some research I have come up with this.

---

interface vlan 1
ip address 10.113.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
interface vlan 2
ip address 10.111.0.1 255.255.0.0
!
interface vlan 3
ip address 10.114.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
ip access-list extended BAN_VLAN_2
deny ip 10.111.0.0 0.0.255.255 any
permit ip any any

---

VLAN 2 being my general VLAN.

Is there a better way of doing this? If so how?


Thanks!

Matthew

Labels:
0 Helpful
1 Reply 1

nkarthikeyan
Level 7
Level 7

‎07-25-2012 07:08 AM

Hi Matthew,

You can restrict that with the ACL as you did . That ACL works like any requests coming from VLAN2 (10.111.0.1) to other VLAN's 1 & 3 will get totally blocked. Make sure that you don need anyother specific communications required from vlan 2 to the other vlans 1 & 3.

Please do rate if the given information helps.

By

Karthik

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card