Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
4
Helpful
1
Replies

Need to hid general VLAN from management VLANs.

MatthewN37
Level 1
Level 1

‎07-25-2012 06:14 AM - edited ‎03-07-2019 07:58 AM

Hi I’m not too experienced with ACL’s so I come here seeking your help.

Recently we had a security audit performed and one of the items that was highlighted was that the production VLAN can see the management VLANs (ie SAN, VM host, Security Cameras). So I need to block this access with a ACL for the majority of our users but still need to exclude some members of our department.

So after doing some research I have come up with this.

---

interface vlan 1
ip address 10.113.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
interface vlan 2
ip address 10.111.0.1 255.255.0.0
!
interface vlan 3
ip address 10.114.0.1 255.255.0.0
ip access-group BAN_VLAN_2 in
!
ip access-list extended BAN_VLAN_2
deny ip 10.111.0.0 0.0.255.255 any
permit ip any any

---

VLAN 2 being my general VLAN.

Is there a better way of doing this? If so how?


Thanks!

Matthew

Labels:
0 Helpful
1 Reply 1

nkarthikeyan
Level 7
Level 7

‎07-25-2012 07:08 AM

Hi Matthew,

You can restrict that with the ACL as you did . That ACL works like any requests coming from VLAN2 (10.111.0.1) to other VLAN's 1 & 3 will get totally blocked. Make sure that you don need anyother specific communications required from vlan 2 to the other vlans 1 & 3.

Please do rate if the given information helps.

By

Karthik

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card