Solved

access list help

Posted on 2006-11-10
15
245 Views
Last Modified: 2010-04-10
hi
if i have 4 switch 2950 each two switch connect to distrbution
switch (layer 3 switch using to routing ) then the two
distrbution switch connect to core switch then to pix 525 then
to router 2800 each switch contain 2 vlan (vlan 14 and vlan 10)
i use routing rip in pix
how i can prevent user of vlan 14 from enter to vlan 10 and user
of vlan 10 from enter to vlan 14 (mean i want the user on each VLAN not to be able to see the shearing file on other vlan)
exept ip 172.16.14.20
and 172.16.10.20
network for switch is
172.16.14.0
172.16.10.0

thanks
0
Comment
Question by:nasemabdullaa
  • 8
  • 7
15 Comments
 
LVL 10

Expert Comment

by:srgilani
ID: 17912857
put below access-list in your both vlans

switch having ip range 172.16.10.0

access-list 101 permit ip host 172.16.14.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any


switch having ip range 172.16.14.0

access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any


0
 

Author Comment

by:nasemabdullaa
ID: 17912913
hi
thanks for your reply
must i put the access list in router on interface VLAN 10 and 14

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17912965
you can put on vlan interface or router as feasible to you.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 10

Expert Comment

by:srgilani
ID: 17912998
for router you need some modifications in above.
0
 

Author Comment

by:nasemabdullaa
ID: 17913058
hi
thanks for your reply
how i can ues it in router
if iam not able to put in router must i put in switch
must i enter to interface vlan 1 and vlan 2


thanks
0
 
LVL 10

Accepted Solution

by:
srgilani earned 500 total points
ID: 17913311
On your layer3 switch put below acces-list on your default vlan. (Assuming your layer 3 route traffic between 4 2950 switches)

access-list 101 permit host 172.16.14.20 any
access-list 101 permit host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 172.16.10.0
access-list 101 deny ip 172.16.10.0 172.16.14.0
access-list permit ip any any




0
 

Author Comment

by:nasemabdullaa
ID: 17913344
hi srgilani
thanks for your reply
iam turn off VLAN 1
yes my layer 3 switch is routing 4 switch
where i can put these command

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913389
on your layer 3 switch and then apply to all those ports which connect to 2950.
0
 

Author Comment

by:nasemabdullaa
ID: 17913414
hi
thanks
how i can apply to all ports
what command i use

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913467
access-group in 101
0
 

Author Comment

by:nasemabdullaa
ID: 17913494
hi
can i enter to each VLAN in layer 3 switch and put

access-list 101 permit host 172.16.14.20 any
access-list 101 permit host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 172.16.10.0
access-list 101 deny ip 172.16.10.0 172.16.14.0
access-list permit ip any any
access-group in 101

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913513
no put access-list in global configuration

and just put below in your all vlan of layer 3


access-group in 101
0
 

Author Comment

by:nasemabdullaa
ID: 17913660
hi
>>>no put access-list in global configuration
you mean VLAN 1

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17919786
global config means

config terminal
now create access-list here
0
 

Author Comment

by:nasemabdullaa
ID: 17920330
thanks srgilani

0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question