09-09-2007 02:32 AM - edited 03-05-2019 06:21 PM
Hi,
Bridge BVI10 is setup with IP address of 10.10.20.1 subnet mask 255.255.255.0. VLAN10 is configured as a VLAN for IRB and part of the BVI10 bridge group.
Fast Ethernet Port 0 is assigned to this VLAN.
It also has its own DHCP Scope.
Bridge BVI20 is setup with IP address of 10.10.30.1 subnet mask 255.255.255.0 VLAN20 is configured as a VLAN for IRB and part of the BVI20 bridge group.
Fast Ethernet Port 1 is assigned to this VLAN>
It also has its own DHCP Scope.
A PC attached to FE0 can ping 10.10.20.1 and itself and the internet.
A PC attached to FE1 can ping 10.10.30.1 and itself and the internet.
I want the PC in FE0 to be able to ping the PC attached to FE1 i.e 10.10.30.1 (the other VLAN) but not the other way round.
Can someone advise how to modify the configuration to achieve this.
Thanks,
M.
09-09-2007 04:43 AM
You need to create an ACL on BVI10
access-list 101 deny icmp host 10.10.30.1 any echo
access-list 101 permit ip any any
interface BVI10
ip access-group 101 in
09-09-2007 08:25 AM
thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide