nasemabdullaa
asked on
access list help
hi
If I have 4 2950 switches, each two switches connect to a distribution
switch (a layer 3 switch used for routing), then the two
distribution switches connect to a core switch, then to a PIX 525, then
to a 2800 router. Each switch contains 2 VLANs (VLAN 14 and VLAN 10).
I use RIP routing on the PIX.
How can I prevent users of VLAN 14 from entering VLAN 10 and users
of VLAN 10 from entering VLAN 14 (meaning I want the users on each VLAN not to be able to see the shared files on the other VLAN),
except IP 172.16.14.20
and 172.16.10.20?
The networks for the switches are
172.16.14.0
172.16.10.0
thanks
ASKER
hi
thanks for your reply
Must I put the access list on the router, on interface VLAN 10 and 14?
thanks
You can put it on the VLAN interface or the router, as feasible for you.
For the router you need some modifications to the above.
ASKER
hi
thanks for your reply
How can I use it on the router?
If I am not able to put it on the router, must I put it on the switch?
Must I enter interface VLAN 1 and VLAN 2?
thanks
ASKER
hi srgilani
thanks for your reply
I have turned off VLAN 1.
Yes, my layer 3 switch is routing 4 switches.
Where can I put these commands?
thanks
On your layer 3 switch, and then apply it to all those ports which connect to the 2950s.
ASKER
hi
thanks
How can I apply it to all ports?
What command do I use?
thanks
ip access-group 101 in
ASKER
hi
Can I enter each VLAN on the layer 3 switch and put
access-list 101 permit host 172.16.14.20 any
access-list 101 permit host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 172.16.10.0
access-list 101 deny ip 172.16.10.0 172.16.14.0
access-list permit ip any any
access-group in 101
thanks
No, put the access-list in global configuration,
and just put the below in all your VLANs on the layer 3 switch:
ip access-group 101 in
ASKER
hi
>>>No, put the access-list in global configuration
You mean VLAN 1?
thanks
Global config means
config terminal
Now create the access-list here.
ASKER
thanks srgilani
switch having ip range 172.16.10.0
access-list 101 permit ip host 172.16.14.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any
switch having ip range 172.16.14.0
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any
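
An added example, not part of the thread or any poster's configuration: a small Python model of first-match extended ACLs applied inbound on the VLAN 10 and VLAN 14 interfaces, checking that the two exempt hosts still get their replies back while all other cross-VLAN traffic is dropped. The /24 wildcard masks, the one-ACL-per-SVI layout and all function names are assumptions made for this example.

```python
import ipaddress

# Constructed ACLs in IOS extended-ACL syntax. The /24 wildcard masks and the
# one-ACL-per-SVI layout are assumptions; the thread states neither.
ACL_IN = {
    "14": """permit ip host 172.16.14.20 172.16.10.0 0.0.0.255
permit ip 172.16.14.0 0.0.0.255 host 172.16.10.20
deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
permit ip any any""",
    "10": """permit ip host 172.16.10.20 172.16.14.0 0.0.0.255
permit ip 172.16.10.0 0.0.0.255 host 172.16.14.20
deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
permit ip any any""",
}

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    # Consume 'any', 'host A' or 'A WILDCARD'; return (base, care_mask).
    first = tokens.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return ip_int(tokens.pop(0)), 0xFFFFFFFF
    # Wildcard 1-bits mean "don't care", so invert them into a care mask.
    return ip_int(first), ~ip_int(tokens.pop(0)) & 0xFFFFFFFF

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        rules.append((action, take_addr(tokens), take_addr(tokens)))
    return rules

def acl_permits(rules, src, dst):
    # First matching entry decides; falling off the end is the implicit deny.
    hit = lambda addr, spec: (ip_int(addr) & spec[1]) == (spec[0] & spec[1])
    for action, src_spec, dst_spec in rules:
        if hit(src, src_spec) and hit(dst, dst_spec):
            return action == "permit"
    return False

def round_trip(src, dst):
    # Stateless ACLs: the request and the reply each face an inbound ACL.
    vlan = lambda ip: ip.split(".")[2]   # third octet names the VLAN here
    return (acl_permits(parse_acl(ACL_IN[vlan(src)]), src, dst)
            and acl_permits(parse_acl(ACL_IN[vlan(dst)]), dst, src))
```

The second line of each ACL is what lets replies to the other VLAN's exempt host through; without it the exempt host's own permit entry only covers one direction of the conversation.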