09-23-2007 10:05 PM - edited 03-05-2019 06:39 PM
Hi experts,
I have a layer 3 switch and I am trying to accomplish this task: there are two VLANs, say VLAN 10 and VLAN 20. I want PCs in VLAN 10 to be able to ping VLAN 20, but PCs in VLAN 20 should not be able to ping PCs in VLAN 10. Can anyone give me some advice?
Thank you!
09-23-2007 10:20 PM
Hi,
Check for firewalls on the client PCs and also for ACLs under the VLANs.
If possible, do post the config here.
Regards
09-23-2007 11:56 PM
Thank you for replying.
I am afraid you do not understand what I mean, or maybe I did not express myself clearly. What I want is that PCs in VLAN 10 can ping PCs in VLAN 20, but PCs in VLAN 20 cannot ping PCs in VLAN 10. Just some kind of one-direction communication.
09-24-2007 01:55 AM
Create an extended incoming access-list on interface vlan 20 with the following entries:
permit icmp any any echo-reply
deny ip any any
09-24-2007 04:53 AM
Sorry, I meant an outgoing access-list. For example:
interface vlan 20
ip address
ip access-group
09-24-2007 04:17 PM
How about TCP connections?
Can PCs in VLAN 20 open TCP/UDP connections to PCs in VLAN 10?
09-24-2007 08:12 PM
ip access-list extended Vlan20_IN
deny icmp [vlan20 subnet] any echo
permit ip any any
interface vlan 10
ip access-group Vlan20_IN
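How the two ACLs suggested in this thread treat traffic heading from VLAN 20 toward VLAN 10, as an added example that is not part of any poster's reply: a first-match model in Python, not switch configuration. The subnets, the packet fields and the names ACL_A, ACL_B, evaluate and compare are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing (assumption): VLAN 10 = 192.168.10.0/24, VLAN 20 = 192.168.20.0/24.
VLAN20 = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Entry layout: (action, protocol, source net, destination net, ICMP type or None).
# ACL_A models the 01:55 AM suggestion, ACL_B the 08:12 PM suggestion.
ACL_A = [("permit", "icmp", ANY, ANY, "echo-reply"),
         ("deny", "ip", ANY, ANY, None)]
ACL_B = [("deny", "icmp", VLAN20, ANY, "echo"),
         ("permit", "ip", ANY, ANY, None)]

def evaluate(acl, pkt):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    src = ipaddress.ip_address(pkt["src"])
    dst = ipaddress.ip_address(pkt["dst"])
    for action, proto, s_net, d_net, icmp_type in acl:
        if proto not in ("ip", pkt["proto"]):   # "ip" matches every protocol
            continue
        if src not in s_net or dst not in d_net:
            continue
        if icmp_type is not None and pkt.get("icmp_type") != icmp_type:
            continue
        return action
    return "deny"

# Constructed packets, all sent by a VLAN 20 host to a VLAN 10 host.
SRC, DST = "192.168.20.5", "192.168.10.5"
PACKETS = {
    "echo-reply to a ping started in VLAN 10":
        {"src": SRC, "dst": DST, "proto": "icmp", "icmp_type": "echo-reply"},
    "echo request started in VLAN 20":
        {"src": SRC, "dst": DST, "proto": "icmp", "icmp_type": "echo"},
    "TCP connection attempt from VLAN 20":
        {"src": SRC, "dst": DST, "proto": "tcp"},
}

def compare():
    """Return {packet description: (ACL_A verdict, ACL_B verdict)}."""
    return {name: (evaluate(ACL_A, p), evaluate(ACL_B, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:45} ACL_A={a:6} ACL_B={b}")
```

In this model both ACLs drop the ping started in VLAN 20 and pass the reply to VLAN 10's ping. ACL_A also drops every other packet from VLAN 20, while ACL_B leaves TCP/UDP from VLAN 20 to VLAN 10 open.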