
VLAN creating and creating ACL policy for denying internal communication

Hi

Need steps to create a VLAN on a Cisco Catalyst 2960 switch.

VLAN 100

192.168.100.1/24 is the IP

I do have existing VLANs 10, 20, 30, 40, 50, 60; these VLANs have specific networks.

And these can communicate internally and can get Internet.

But VLAN 100 must not communicate with the above VLANs but must get Internet.

How to create rules?

Kindly support



balaji.bandi
Hall of Fame

What device is this and what IOS code is it running? Can you provide us the show run config, so we can tweak it for you?

Or refer to the VACL article below:


https://www.ciscopress.com/articles/article.asp?p=1181682&seqNum=4

 

BB


The original post was pretty clear about the platform, saying "in cisco catalyst 2960 switch". While knowing the version of code might be helpful, I think it is more important to know what image type/licensing is running on the switch. Assuming that the switch does support the functionality, you would follow these steps:

- configure vlan 100 and give it a name.

- configure interface vlan 100 and specify IP address and mask

- configure an extended access list. In that list deny any traffic with source address in 192.168.100.0/24 and destination in the other local subnets. Then allow traffic from 192.168.100.0/24 to any destination.

- apply the access list inbound on interface vlan 100.

 

HTH

Rick
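
The steps in the reply above, as an added example that is not part of the original thread: a Python script that builds the extended ACL in the order described (deny entries first, then the permit), renders it as IOS configuration, and checks sample packets against it with first-match semantics. The subnets for VLANs 10-60, the ACL name `VLAN100-ISOLATE` and the VLAN name `GUEST` are assumptions, since the thread does not give them.

```python
import ipaddress

GUEST_NET = ipaddress.ip_network("192.168.100.0/24")  # VLAN 100, from the post
# Assumed subnets for VLANs 10-60; the thread does not list the real ones.
INTERNAL_NETS = [ipaddress.ip_network(f"192.168.{v}.0/24")
                 for v in (10, 20, 30, 40, 50, 60)]
ACL_NAME = "VLAN100-ISOLATE"  # hypothetical ACL name


def build_rules(src, internal):
    """Ordered (action, src, dst) rules: deny each internal subnet, then permit any."""
    rules = [("deny", src, dst) for dst in internal]
    rules.append(("permit", src, ipaddress.ip_network("0.0.0.0/0")))
    return rules


def _fmt(net):
    # IOS extended ACLs take a wildcard (inverse) mask; 0.0.0.0/0 is written "any".
    return "any" if net.prefixlen == 0 else f"{net.network_address} {net.hostmask}"


def render_ios(rules, acl_name, vlan_id, svi_ip, svi_mask):
    """Render the VLAN, the ACL and the SVI with the ACL applied inbound."""
    lines = [f"vlan {vlan_id}", " name GUEST",  # hypothetical VLAN name
             f"ip access-list extended {acl_name}"]
    lines += [f" {a} ip {_fmt(s)} {_fmt(d)}" for a, s, d in rules]
    lines += [f"interface Vlan{vlan_id}",
              f" ip address {svi_ip} {svi_mask}",
              f" ip access-group {acl_name} in"]
    return "\n".join(lines)


def evaluate(rules, src_ip, dst_ip):
    """First matching rule wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in rules:
        if s in src and d in dst:
            return action
    return "deny"


RULES = build_rules(GUEST_NET, INTERNAL_NETS)

if __name__ == "__main__":
    print(render_ios(RULES, ACL_NAME, 100, "192.168.100.1", "255.255.255.0"))
    for dst in ("192.168.20.15", "8.8.8.8", "192.168.100.1"):  # constructed samples
        print(dst, evaluate(RULES, "192.168.100.50", dst))
```

Packets whose source is outside 192.168.100.0/24, such as a DHCP client's initial request from 0.0.0.0, match no entry and fall to the implicit deny.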