
Access List

LinkedIN
Level 1

Hi,

 

I have a server (192.168.1.16). I am asking how to deny any traffic to (192.168.1.0/24 and 172.200.1.0/24) and permit other subnets.

The switch is a WS-C3850-48T.

Thanks

3 Replies

Deepak Kumar
VIP Alumni

Hi, 

This is possible through a VLAN ACL on the core switch, as below:

 

ip access-list extended TestACL
deny ip 192.168.1.0 0.0.0.255 host 192.168.1.16
deny ip 172.200.1.0 0.0.0.255 host 192.168.1.16
permit ip any any
!
vlan access-map TestVACL
match ip address TestACL
action forward
!
vlan filter TestVACL vlan-list 10 <Server VLAN ID 10>

 

 

More information: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01010.html

 

Regards,

Deepak Kumar

Don't forget to vote and accept the solution if this comment will help you!

"vlan filter TestVACL vlan-list 10 <Server VLAN ID 10>"

 

What does this mean?

It means: applies the VLAN access map to the specified VLANs. In your case, it is the server VLAN.

 

Regards,

Deepak Kumar

Don't forget to vote and accept the solution if this comment will help you!
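
An added example (not from the thread and not Cisco code) that models in Python how the posted TestVACL evaluates packets, assuming the Catalyst 3850 VLAN-map rules: an ACL deny entry means the clause does not match, and an IP packet that matches no clause is dropped by default. The function names and the sample addresses other than 192.168.1.16 are constructed for illustration.

```python
import ipaddress

# ACL entries from the posted TestACL: (action, source network, destination network).
TEST_ACL = [
    ("deny",   "192.168.1.0/24", "192.168.1.16/32"),
    ("deny",   "172.200.1.0/24", "192.168.1.16/32"),
    ("permit", "0.0.0.0/0",      "0.0.0.0/0"),
]
# The posted access map has one clause: match TestACL, action forward.
TEST_VACL = [(TEST_ACL, "forward")]

def acl_result(acl, src, dst):
    """First matching ACE wins; no ACE matching is the ACL's implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

def vacl_verdict(vacl, src, dst):
    """A clause matches only on an ACL permit; a deny falls through to the
    next clause. An IP packet that matches no clause in a map containing an
    IP match clause is dropped by default (assumed 3850 behaviour)."""
    for acl, clause_action in vacl:
        if acl_result(acl, src, dst) == "permit":
            return clause_action
    return "drop"

# Constructed sample flows seen in the server VLAN.
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.1.16"),   # listed subnet -> server
    ("172.200.1.7",  "192.168.1.16"),   # listed subnet -> server
    ("10.20.30.40",  "192.168.1.16"),   # other subnet -> server
    ("192.168.1.16", "192.168.1.50"),   # server -> listed subnet
    ("192.168.1.16", "10.20.30.40"),    # server -> other subnet
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst:<14} {vacl_verdict(TEST_VACL, src, dst)}")
```

Running it shows that the drops come from the map's implicit default rather than from an explicit `action drop` clause, and that the ACL as written only matches packets whose destination is the server.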