10-15-2009 10:43 AM - edited 03-06-2019 08:08 AM
Hi,
I need to apply an access list in global mode. I want user VLAN_A, VLAN_B and VLAN_C not to be able to communicate with each other, but these VLANs should be able to communicate with VLAN_SERVER and VLAN_IT.
How do I do the configuration? I am a little confused.
regards
Neo
10-15-2009 10:55 AM
Neo
VLAN A = 192.168.5.0/24
VLAN B = 192.168.6.0/24
VLAN C = 192.168.7.0/24
VLAN A
======
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip any any
int vlan A
ip access-group 101 in
VLAN B
======
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 102 deny ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 102 permit ip any any
int vlan B
ip access-group 102 in
VLAN C
======
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 103 deny ip 192.168.7.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 103 permit ip any any
int vlan C
ip access-group 103 in
Jon
10-15-2009 11:04 AM
If you are using DHCP on those VLANs you need to make sure that you allow the following as well in the access-list else your clients will not be able to get IP addresses.
access-list xxx permit udp 0.0.0.0 0.0.0.0 any eq bootps
10-15-2009 11:08 AM
edited.
10-15-2009 11:13 AM
Jacques
Apologies, I see what you mean, I have edited the original post.
Jon
10-15-2009 11:35 PM
Hi All,
I need to configure this only in global mode, not in interface mode.
regards
Neo
10-16-2009 01:36 AM
Please help
regards
Neo
10-16-2009 01:42 AM
Neo
The way to achieve filtering between vlans is to use the example provided. However, if you have to do it from global config mode you are probably referring to a vlan access-map; these are most commonly used to filter traffic within the same vlan and not between vlans, though.
Jon