VLAN_Access-List

MUHAMMED SHAFI
Level 1

Dear All,

 

I am facing some problems creating a VLAN access-list. We have all VLANs on the core switch, and I have also configured the VLAN IP addresses (SVIs). Below are the VLAN details:

 

1. Vlan 1 : 172.16.1.0

2. Vlan 2 : 172.16.2.0

3. Vlan 3 : 172.16.3.0

4. Vlan 4 : 172.16.4.0

5. Vlan 5 : 172.16.5.0 (Guest Vlan)

My requirement is that the guest VLAN should not communicate with the other VLANs, except for the internet.

Kindly help me with configuring an access-list for my issue.

I need to allow 172.16.5.0 to reach only the internet; it should not communicate with the other VLANs.

 

Waiting for your reply.

Regards

Muhammed

1 Reply

Bilal Nawaz
VIP Alumni

Hello Muhammed,

You can create an inbound ACL on the SVI to block traffic to all internal RFC1918 addressing and permit everything else to the internet. But maybe you have to permit traffic to things like an internal DNS or the default GW first? If not, then you can remove line 1.

We can do this like below:

ip access-list extended BLK-RFC1918
 1 permit ip any host 172.16.5.1
 10 deny ip any 10.0.0.0 0.255.255.255
 20 deny ip any 192.168.0.0 0.0.255.255
 30 deny ip any 172.16.0.0 0.15.255.255
 100 permit ip any any
!
interface vlan 5
 ip access-group BLK-RFC1918 in

 

Hope this helps

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
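As an added check that is not part of the thread above, the following Python snippet simulates IOS first-match ACL evaluation with wildcard masks against the BLK-RFC1918 entries from the reply, so the guest-VLAN policy can be verified before it is applied to a core switch. The guest host and destination addresses are constructed samples, and the simulation assumes only routed traffic reaches the SVI ACL (intra-VLAN traffic is switched at layer 2 and is not tested).

```python
# Added example (not from the original thread): a tiny simulator for the
# BLK-RFC1918 ACL, to check what the guest VLAN can reach through the SVI.
# All host addresses below are constructed samples.
import ipaddress

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard masks: a 1 bit means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

# (sequence, action, src, src_wildcard, dst, dst_wildcard)
# 'any' == 0.0.0.0 255.255.255.255, 'host X' == X 0.0.0.0
BLK_RFC1918 = [
    (1,   "permit", "0.0.0.0", "255.255.255.255", "172.16.5.1",  "0.0.0.0"),
    (10,  "deny",   "0.0.0.0", "255.255.255.255", "10.0.0.0",    "0.255.255.255"),
    (20,  "deny",   "0.0.0.0", "255.255.255.255", "192.168.0.0", "0.0.255.255"),
    (30,  "deny",   "0.0.0.0", "255.255.255.255", "172.16.0.0",  "0.15.255.255"),
    (100, "permit", "0.0.0.0", "255.255.255.255", "0.0.0.0",     "255.255.255.255"),
]

def evaluate(acl, src: str, dst: str) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for seq, action, s, sw, d, dw in sorted(acl):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return f"{action} (seq {seq})"
    return "deny (implicit)"

def check_guest_policy(acl) -> dict:
    """Evaluate constructed guest-VLAN flows; returns {description: verdict}."""
    guest = "172.16.5.20"  # constructed guest host
    targets = {
        "guest gateway 172.16.5.1": "172.16.5.1",
        "VLAN 2 host": "172.16.2.10",
        "private 10/8 host": "10.1.1.1",
        "private 192.168/16 host": "192.168.1.1",
        "internet host": "203.0.113.5",  # TEST-NET-3 documentation address
    }
    return {name: evaluate(acl, guest, dst) for name, dst in targets.items()}

if __name__ == "__main__":
    for name, verdict in check_guest_policy(BLK_RFC1918).items():
        print(f"{name:28s} -> {verdict}")
```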