  • Create access list

    I have a Cisco 6500-E core switch and I need to set up an access list to prevent two subnets from being able to talk to one another. I've never really worked with access lists, so I'm not sure where to start.

    I need to block 10.0.31.0/24 from accessing 10.0.50.0/24 and vice versa. Would I just enter

    Code:
     
    ! an ACL with a protocol and a destination is an extended ACL and needs a
    ! number in the 100-199 (or 2000-2699) range; 1-99 is the standard range,
    ! which only matches on source and would reject these lines
    access-list 120 deny ip 10.0.31.0 0.0.0.255 10.0.50.0 0.0.0.255
    access-list 120 deny ip 10.0.50.0 0.0.0.255 10.0.31.0 0.0.0.255
    access-list 120 permit ip any any

    I know this is simple, but this is a production switch that doesn't have a very big window for me to try things.

  • #2
    Re: Create access list

    You are on the right track. I would add two ACLs, one for each SVI, in the inbound direction.

    Something like:

    Code:
     
    ! inbound on the 10.0.31.0/24 SVI: drop traffic headed for 10.0.50.0/24
    access-list 100 deny ip 10.0.31.0 0.0.0.255 10.0.50.0 0.0.0.255
    access-list 100 permit ip any any
    !
    ! inbound on the 10.0.50.0/24 SVI: drop traffic headed for 10.0.31.0/24
    access-list 101 deny ip 10.0.50.0 0.0.0.255 10.0.31.0 0.0.0.255
    access-list 101 permit ip any any
    Now attach each access-list to the corresponding SVI in the inbound direction.

    Example:

    Code:
     
    interface vlan 4
     ! existing SVI address, shown for reference
     ip address 10.0.31.1 255.255.255.0
     ip access-group 100 in
    !
    interface vlan 5
     ! existing SVI address, shown for reference
     ip address 10.0.50.1 255.255.255.0
     ip access-group 101 in

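Added here as an illustration and not a post from the thread: a small Python model of how IOS evaluates the two inbound ACLs from the reply above, so the rules can be checked against sample flows before the production change window. The addresses and the SVI-to-ACL mapping are the placeholder values from that reply; the parser, the `evaluate` and `forward` functions and the sample flows are constructed for this example and are not Cisco code. It models the three things the design relies on: wildcard masks (set bits are "don't care"), first-match-wins ordering, and the implicit deny at the end of every ACL.

```python
"""Model of numbered extended IP ACL matching on an IOS SVI (illustrative only)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    """One access-control entry: 'access-list N action ip SRC SRC_WC DST DST_WC'."""
    action: str   # "permit" or "deny"
    src: str      # network address; "any" is stored as 0.0.0.0 / 255.255.255.255
    src_wc: str   # wildcard mask: a 1 bit means "don't care" (0.0.0.255 == /24)
    dst: str
    dst_wc: str


def _take_addr(toks):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    if toks[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), toks[1:]
    if toks[0] == "host":
        return (toks[1], "0.0.0.0"), toks[2:]
    return (toks[0], toks[1]), toks[2:]


def parse_acls(config_lines):
    """Group 'access-list N action ip ...' lines into {N: [Ace, ...]} in config order."""
    acls = {}
    for line in config_lines:
        toks = line.split()
        if len(toks) < 4 or toks[0] != "access-list" or toks[3] != "ip":
            continue  # only the 'ip' protocol form used in the thread is modelled
        num, action = toks[1], toks[2]
        src, rest = _take_addr(toks[4:])
        dst, _ = _take_addr(rest)
        acls.setdefault(num, []).append(Ace(action, *src, *dst))
    return acls


def _wildcard_match(addr, network, wildcard):
    """IOS wildcard semantics: compare only the bits that are 0 in the mask."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (n & ~w)


def evaluate(aces, src, dst):
    """First matching entry wins; if nothing matches, the implicit deny applies."""
    for ace in aces:
        if _wildcard_match(src, ace.src, ace.src_wc) and _wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action
    return "deny"


# Constructed config mirroring the reply above (placeholder addresses, not the
# poster's real network).
CONFIG = """
access-list 100 deny ip 10.0.31.0 0.0.0.255 10.0.50.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 deny ip 10.0.50.0 0.0.0.255 10.0.31.0 0.0.0.255
access-list 101 permit ip any any
""".strip().splitlines()

# Inbound ACL per SVI, as 'ip access-group N in' attaches it (assumed mapping).
SVIS = {
    "Vlan4": (ipaddress.ip_network("10.0.31.0/24"), "100"),
    "Vlan5": (ipaddress.ip_network("10.0.50.0/24"), "101"),
}


def forward(config_lines, src, dst):
    """Verdict for a packet from src to dst routed through the core switch.

    The packet enters on the SVI whose subnet contains src, and only that SVI's
    inbound ACL is consulted (no outbound ACLs exist in this design).
    """
    acls = parse_acls(config_lines)
    for subnet, acl_num in SVIS.values():
        if ipaddress.ip_address(src) in subnet:
            return evaluate(acls.get(acl_num, []), src, dst)
    return "permit"  # entered on an SVI with no access-group: nothing filters it


def without_final_permit(config_lines):
    """Same config with the 'permit ip any any' lines omitted, to show the lockout."""
    return [line for line in config_lines if " permit " not in line]


if __name__ == "__main__":
    flows = [("10.0.31.10", "10.0.50.20"), ("10.0.50.20", "10.0.31.10"),
             ("10.0.31.10", "10.0.60.5"), ("10.0.60.5", "10.0.31.10")]
    for s, d in flows:
        print(f"{s:>12} -> {d:<12} {forward(CONFIG, s, d)}")
    # Forgetting the final permit leaves only the implicit deny: every other
    # flow entering Vlan4/Vlan5 is dropped, which on a core switch is an outage.
    print("without permit any any:", forward(without_final_permit(CONFIG), "10.0.31.10", "10.0.60.5"))
```

Run as-is it prints the verdict for four flows: both directions between the two subnets are denied, and traffic from either subnet to anywhere else still passes. The last line is the case most worth ruling out before touching a production core: with the `permit ip any any` left off, the implicit deny drops everything else entering those SVIs.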


    • #3
      Re: Create access list

      Thanks. I'll give this a try this afternoon.
