12-01-2008 01:04 AM - edited 03-06-2019 02:44 AM
Dear All,
Please help me to solve the problem below!
I had a Cisco 3560 switch and I did inter-VLAN on this switch. So I created 3 VLANs (Vlan10, 20 and 30) and configured
an access-list on all 3 VLANs.
Let me tell you what I want:
1. On Vlan 10: Vlan10 can access Vlan 20 and Vlan30.
2. On Vlan 20: cannot access Vlan 10 and Vlan 30.
3. On Vlan 30: cannot access Vlan 10 and Vlan 20.
With the configuration as above it doesn't work. Could you correct this command?
Best Regards,
Rechard
12-01-2008 01:30 AM
The only way you can configure it is by using the established ACL; this way the return traffic from VLAN 10 will be permitted.
12-02-2008 04:54 PM
Hi David,
On Vlan 10, since we are allowing access to all other Vlans, we would not need any ACLs on that Vlan.
For Vlan 20 and 30, we can configure and apply a standard ACL that will deny any packets with a destination address to either of the other Vlans.
For example on Vlan 20, you will create an ACL with ACEs as follows:
deny ip any
deny ip any
Once done, you can apply this group on to the Vlan interface.
Hope this helps.
-/ KC
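Added example, not part of any post in this thread: one way to combine the two replies above, using extended ACLs with the `established` keyword on the Vlan 20 and Vlan 30 interfaces and no ACL on Vlan 10. The subnets (192.168.10.0/24, 192.168.20.0/24, 192.168.30.0/24), the ACL names and the final `permit ip any any` are assumptions, since the thread gives no addressing.

```cisco
! Constructed example. Subnets and ACL names are assumptions:
!   Vlan10 = 192.168.10.0/24, Vlan20 = 192.168.20.0/24, Vlan30 = 192.168.30.0/24
!
! Vlan 20: allow only TCP replies back to Vlan 10, block everything else
! towards Vlan 10 and Vlan 30.
ip access-list extended VLAN20-IN
 remark TCP return traffic for sessions opened from Vlan 10
 permit tcp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 established
 remark Vlan 20 may not reach Vlan 10 or Vlan 30
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
 remark Assumption: all other destinations stay reachable
 permit ip any any
!
! Vlan 30: same policy, mirrored.
ip access-list extended VLAN30-IN
 remark TCP return traffic for sessions opened from Vlan 10
 permit tcp 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255 established
 remark Vlan 30 may not reach Vlan 10 or Vlan 20
 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 remark Assumption: all other destinations stay reachable
 permit ip any any
!
! Apply inbound on the SVIs, so packets sourced from each VLAN are
! filtered before they are routed. Vlan 10 gets no ACL.
interface Vlan20
 ip access-group VLAN20-IN in
!
interface Vlan30
 ip access-group VLAN30-IN in
!
! Verify the hit counters per entry after testing:
!   show access-lists VLAN20-IN
!   show ip interface Vlan20
```

`established` matches only TCP segments with ACK or RST set, so ICMP and UDP replies from Vlan 20 and Vlan 30 to Vlan 10 are still dropped (a ping from Vlan 10 will time out). It is a stateless flag check rather than connection tracking, so it should not be treated as equivalent to a stateful firewall between the VLANs.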
12-02-2008 09:47 PM
Hi Rechard,
Can you share the configuration of the VACL that you have deployed on the interface of each VLAN?
Ganesh.H