ACL question

  • ACL question

    Hi

    I am having a go at using ACL to work on a requirement which is:

    - I have vlan1, vlan2, vlan3 and vlan4 on my network, which uses a layer 3 switch for routing. All vlans have interface vlans and can communicate.

    - A new requirement is that vlan4 should not be accessed by any device outside vlan4, except for 192.168.4.123 (which is on vlan4), which needs to be accessed by ALL vlans.

    I have created the following extended ACL:

    IP access list 100 permit ip any 192.168.4.123 0.0.0.0
    (deny all will be implicit)

    and applied it on interface vlan4 in:

    interface Vlan4
    ip access-group 100 in


    Does this do the job?

    Thanks

  • #2
    Re: ACL question

    Use 3 ACLs
    IP access list 100 deny ip VLAN1_SUBNET VLAN4_SUBNET
    IP access list 100 deny ip VLAN2_SUBNET VLAN4_SUBNET
    IP access list 100 deny ip VLAN3_SUBNET VLAN4_SUBNET
    IP access list 100 permit ip any 192.168.4.123 0.0.0.0
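
The entry lists from both posts can be checked against sample packets with a small first-match evaluator. This is an added example, not part of the original thread. It assumes Cisco-style semantics (first matching entry wins, implicit deny at the end, wildcard masks, `in` meaning packets entering the switch from the VLAN) and assumes each VLAN n uses 192.168.n.0/24; only 192.168.4.123 comes from the thread.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")
HOST = ("192.168.4.123", "0.0.0.0")      # the one address taken from the thread
VLAN4 = ("192.168.4.0", "0.0.0.255")     # assumed /24

def vlan(n):
    """Assumed addressing: VLAN n is 192.168.n.0/24."""
    return (f"192.168.{n}.0", "0.0.0.255")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    # Wildcard mask: 1-bits are ignored, 0-bits must match.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if matches(src, s_base, s_wc) and matches(dst, d_base, d_wc):
            return action
    return "deny"

DENIES = [("deny", vlan(n), VLAN4) for n in (1, 2, 3)]
acl_permit_only = [("permit", ANY, HOST)]             # entry from the first post
acl_deny_first = DENIES + [("permit", ANY, HOST)]     # entry order in reply #2
acl_permit_first = [("permit", ANY, HOST)] + DENIES   # same entries, permit first

# Constructed packets (src, dst) that the VLAN 4 routed interface evaluates.
SEEN = {
    # "in": sent by VLAN 4 hosts, entering the switch
    "in": [("192.168.4.123", "192.168.1.10"), ("192.168.4.50", "192.168.2.10")],
    # "out": routed by the switch toward VLAN 4
    "out": [("192.168.1.10", "192.168.4.123"), ("192.168.1.10", "192.168.4.50")],
}

def verdicts(acl, direction):
    return [evaluate(acl, src, dst) for src, dst in SEEN[direction]]

if __name__ == "__main__":
    for name, acl in [("permit only", acl_permit_only),
                      ("deny first", acl_deny_first),
                      ("permit first", acl_permit_first)]:
        for direction in ("in", "out"):
            print(f"{name:13} {direction:3} {verdicts(acl, direction)}")
```

The model is stateless, as a plain extended ACL is: an ACL that passes traffic toward 192.168.4.123 in one direction says nothing about the replies, which are checked by whatever ACL is applied in the other direction.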
