i separate my network into 3 main vlan subnet named vlan2 vlan109 vlan111 , and need to set access list policy between them.the policy is :
(1).vlan 111 cannot be visited by other vlans except vlan2;
(2).vlan 2 cannot be visited by other vlans,but it can visit other vlans;
(3).vlan 109 can be visited by anyother vlans;
how can i arrange the acl table to meet the requirement? online waiting for any experts' reply,and thx a lot a a lot!
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
good anwser! u r an real expert! succeed in testing ! but another problem i want to ask is that : what's the meaning of the keyword "established" it seemed that it can be used to accomplish "reflect" function that C3550-EMI does not support.how can i know about this keyword,i do not understand cisco official mannul . do u have msn messager account? could i be ur friend?thx a lot!thx a lot again!
Ref:
http://www.cisco.com/en/US
"established" keyword permits responsed to connections established by outbound requests, yet blocks all unsolicited inbound traffic.
No, I don't use IM of any ilk.
You can post all the questions you want here, and I'll try to do my best to answer them.
i have several vlans, i just want permit the ip : 192.168.2.244 telnet to 192.168.1.1 (3550emi switch) and deny any others,how can i write acls and bind it to vlan interface?
i have use the command outlined below:
access-list 101 host 192.168.2.244 host 192.168.1.1 eq telnet
int vlan1
ip access-group 101 in
but no effects at all
how can adjust my acls Cthx a lot ,online wating
Is this a new question? You should post new questions on their own instead of continuing this thread because I'm probably the only one who will see them since this thread is closed out. I'm not always around and may not be able to answer your Questions for you in a timely manner, but someone else might...
Telnet access to the management interface is handled by access to VTY:
access-list 11 permit 192.168.2.244
line vty 0 15
access-class 11 in
Business Accounts
Answer for Membership
by: lrmoorePosted on 2003-08-02 at 10:07:32ID: 9054622
(1) only permit vlan 2 into vlan 111
access-list 102 permit <vlan2 subnet> <w_mask> <vlan111 subnet> <w_mask>
interface vlan 111
ip access-group 102 in
!
For (2) that's more difficult. If you want to access other vlans, the responses need to be allowed back.
!
access-list 103 permit tcp any <vlan2 subnet> <w_mask> established
!
interface vlan 2
ip access-group 103 in
!
(3) no action required