06-14-2010 05:09 PM - edited 03-06-2019 11:34 AM
I have a 3750 switch where I am going to plug in a new connection on port g1/0/45. This connection will connect to another network that I only semi-trust so I need to restrict access.
On that port I will configure an ip of 10.112.50.22/24. This will connect to someone else's switch that holds the 10.112.50.0/24 network.
I have servers connected to my switch that this network needs access to.
Namely I need to allow hosts 10.112.50.8, 10.150.12.2, 10.151.12.2 access to my servers at 192.168.60.35 and 192.168.60.36. These servers are connected in VLAN1 on my switch.
I don't want them to have access to anything but those two servers. I don't need to filter by port, pure IP connectivity is fine for this.
Since I am 6000 miles away from my lab I don't have access to a live 3750. If memory serves, this is what I need to do:
Int g1/0/45 ip address 10.150.112.21/24
IP Access list 200 in
IP Access list 200
Permit ip host 10.150.12.8 host 192.168.60.36
Permit ip host 10.150.12.8 host 192.168.60.35
Permit ip host 10.150.12.2 host 192.168.60.36
Permit ip host 10.150.12.2 host 192.168.60.35
Permit ip host 10.151.12.2 host 192.168.60.36
Permit ip host 10.151.12.2 host 192.168.60.35
I have a change window tonight and need to confirm that this is the way to do it.
Thanks.
James
06-14-2010 05:33 PM
James,
your syntax was a little off.
ip access-list extended
Permit ip host 10.150.12.8 host 192.168.60.36
Permit ip host 10.150.12.8 host 192.168.60.35
Permit ip host 10.150.12.2 host 192.168.60.36
Permit ip host 10.150.12.2 host 192.168.60.35
Permit ip host 10.151.12.2 host 192.168.60.36
Permit ip host 10.151.12.2 host 192.168.60.35
to apply to the interface
int gi1/0/45
ip access-group
end
HTH
-Todd
06-15-2010 07:59 AM
Hi James,
The rule of thumb for applying an ACL is to place it close to the host, and your configuration is ok:
IP Access list 200
Permit ip host 10.150.12.8 host 192.168.60.36
Permit ip host 10.150.12.8 host 192.168.60.35
Permit ip host 10.150.12.2 host 192.168.60.36
Permit ip host 10.150.12.2 host 192.168.60.35
Permit ip host 10.151.12.2 host 192.168.60.36
Permit ip host 10.151.12.2 host 192.168.60.35
interface g1/0/45
ip access-group 200 in
The direction specifies the flow of the packet, and the ACL is applied in that direction on the interface.
In—Traffic that arrives on the interface and then goes through the router. The source is where it has been and the destination is where it goes, on the other side of the router.
Out—Traffic that has already been through the router and leaves the interface. The source is where it has been, on the other side of the router, and the destination is where it goes.
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
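As a way to sanity-check the six-line ACL that both replies above arrive at before a change window (no live 3750 needed), here is an added example that is not from the thread, from Cisco, or from any poster: a small Python model of how IOS evaluates an extended ACL applied inbound on an interface (first matching entry wins, everything unmatched hits the implicit deny at the end). It renders the named ACL plus the `ip access-group ... in` line, then audits it against a set of constructed test flows, including an overly broad wildcard variant to show what the implicit deny no longer protects. Assumptions: the remote hosts are the ones in the posted ACL lines (10.150.12.8, 10.150.12.2, 10.151.12.2) rather than the 10.112.50.8 mentioned in the question's prose; the ACL name SEMITRUST_IN and all probe addresses are made up for the example.

```python
"""Model of a Cisco IOS extended ACL evaluated inbound on one interface.

Constructed example, not a Cisco tool: first-match semantics with the
implicit deny at the end, applied to the host/server pairs from the thread.
"""
import ipaddress
from dataclasses import dataclass


def _fmt(net: ipaddress.IPv4Network) -> str:
    # IOS writes a single address as "host A.B.C.D" and a range as "A.B.C.D WILDCARD".
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.hostmask}"


@dataclass(frozen=True)
class Ace:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" = any IP protocol (no port filtering, as in the thread)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

    def matches(self, src_ip: ipaddress.IPv4Address, dst_ip: ipaddress.IPv4Address) -> bool:
        return src_ip in self.src and dst_ip in self.dst

    def ios(self) -> str:
        return f" {self.action} {self.proto} {_fmt(self.src)} {_fmt(self.dst)}"


def build_acl(hosts, servers):
    """One permit ACE per (remote host, server) pair; mirrors the six lines in the thread."""
    return [Ace("permit", "ip", ipaddress.ip_network(f"{h}/32"), ipaddress.ip_network(f"{s}/32"))
            for h in hosts for s in servers]


def render(name: str, acl, interface: str) -> str:
    """Emit the named extended ACL and apply it inbound, in IOS syntax."""
    lines = [f"ip access-list extended {name}"] + [a.ios() for a in acl]
    lines += [f"interface {interface}", f" ip access-group {name} in"]
    return "\n".join(lines)


def evaluate(acl, src_ip: str, dst_ip: str) -> str:
    """Inbound evaluation: source is the far side, destination is behind the switch.
    First matching ACE wins; no match means the implicit deny, as on IOS."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in acl:
        if ace.matches(src, dst):
            return ace.action
    return "deny"


def audit(acl, hosts, servers, probes):
    """Return (src, dst, result) for every probe whose outcome differs from the intent:
    each allowed (host, server) pair must permit, every other flow must deny."""
    allowed = {(h, s) for h in hosts for s in servers}
    mismatches = []
    for src, dst in probes:
        want = "permit" if (src, dst) in allowed else "deny"
        got = evaluate(acl, src, dst)
        if got != want:
            mismatches.append((src, dst, got))
    return mismatches


REMOTE_HOSTS = ["10.150.12.8", "10.150.12.2", "10.151.12.2"]   # taken from the posted ACL lines
SERVERS = ["192.168.60.36", "192.168.60.35"]
ACL = build_acl(REMOTE_HOSTS, SERVERS)

# Constructed probes: the allowed pairs, a neighbour of an allowed host, and a non-server target.
PROBES = [(h, s) for h in REMOTE_HOSTS for s in SERVERS] + [
    ("10.150.12.9", "192.168.60.36"),    # unlisted host on the same /24 as 10.150.12.8
    ("10.150.12.8", "192.168.60.1"),     # listed host reaching something other than the servers
]

# A too-broad variant (whole 10.150.12.0/24 instead of two hosts) to show what the implicit deny
# no longer covers once a wildcard mask is used.
BROAD_ACL = [Ace("permit", "ip", ipaddress.ip_network("10.150.12.0/24"), ipaddress.ip_network(f"{s}/32"))
             for s in SERVERS] + build_acl(["10.151.12.2"], SERVERS)

if __name__ == "__main__":
    print(render("SEMITRUST_IN", ACL, "GigabitEthernet1/0/45"))
    for src, dst in PROBES:
        print(f"{src} -> {dst}: {evaluate(ACL, src, dst)}")
    print("mismatches (strict ACL):", audit(ACL, REMOTE_HOSTS, SERVERS, PROBES))
    print("mismatches (broad ACL): ", audit(BROAD_ACL, REMOTE_HOSTS, SERVERS, PROBES))
```

Run it as a script to see the rendered configuration and the verdict for each flow; an empty mismatch list for the strict ACL means the six permit lines plus the implicit deny do exactly what the question asks, while the broad variant reports the unlisted 10.150.12.9 being permitted. Note that an inbound ACL on g1/0/45 only sees packets arriving from the far side; the servers' replies leave that interface outbound and are not evaluated by it.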