Solved

access list help

Posted on 2006-11-10
Last Modified: 2010-04-10
Hi,
I have four 2950 switches. Every two switches connect to a distribution switch (a layer 3 switch used for routing), then the two distribution switches connect to a core switch, then to a PIX 525, then to a 2800 router. Each switch contains 2 VLANs (VLAN 14 and VLAN 10). I use RIP routing on the PIX.
How can I prevent users of VLAN 14 from entering VLAN 10, and users of VLAN 10 from entering VLAN 14 (meaning I want the users on each VLAN not to be able to see the shared files on the other VLAN), except IP 172.16.14.20 and 172.16.10.20?
The networks for the switches are:
172.16.14.0
172.16.10.0

Thanks
Question by:nasemabdullaa
LVL 10

Expert Comment

by:srgilani
ID: 17912857
Put the access list below in both of your VLANs.

Switch having IP range 172.16.10.0:

! wildcard 0.0.0.255 assumes /24 networks (no mask is given in the thread)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 any
access-list 101 permit ip any any


Switch having IP range 172.16.14.0:

access-list 101 permit ip host 172.16.10.20 any
! deny the rest of the other VLAN's network, 172.16.10.0
access-list 101 deny ip 172.16.10.0 0.0.0.255 any
access-list 101 permit ip any any


0
 

Author Comment

by:nasemabdullaa
ID: 17912913
Hi,
Thanks for your reply.
Must I put the access list on the router, on interface VLAN 10 and 14?

Thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17912965
You can put it on the VLAN interface or on the router, whichever is feasible for you.
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17912998
For the router you need some modifications to the above.
0
 

Author Comment

by:nasemabdullaa
ID: 17913058
Hi,
Thanks for your reply.
How can I use it on the router?
If I am not able to put it on the router, must I put it on the switch?
Must I enter interface VLAN 1 and VLAN 2?

Thanks
0
 
LVL 10

Accepted Solution

by:
srgilani earned 500 total points
ID: 17913311
On your layer 3 switch, put the access list below on your default VLAN. (Assuming your layer 3 switch routes traffic between the four 2950 switches.)

! wildcard 0.0.0.255 assumes /24 networks (no mask is given in the thread)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 101 deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
access-list 101 permit ip any any




0
 

Author Comment

by:nasemabdullaa
ID: 17913344
Hi srgilani,
Thanks for your reply.
I have turned off VLAN 1.
Yes, my layer 3 switch is routing the 4 switches.
Where can I put these commands?

Thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913389
On your layer 3 switch, and then apply it to all those ports which connect to the 2950s.
0
 

Author Comment

by:nasemabdullaa
ID: 17913414
Hi,
Thanks.
How can I apply it to all ports?
What command do I use?

Thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913467
ip access-group 101 in
0
 

Author Comment

by:nasemabdullaa
ID: 17913494
Hi,
Can I enter each VLAN on the layer 3 switch and put:

! wildcard 0.0.0.255 assumes /24 networks (no mask is given in the thread)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 101 deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
access-list 101 permit ip any any
ip access-group 101 in

Thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913513
No, put the access list in global configuration,

and just put the line below in all your VLANs on the layer 3 switch:


ip access-group 101 in
0
 

Author Comment

by:nasemabdullaa
ID: 17913660
Hi,
>>>no put access-list in global configuration
You mean VLAN 1?

Thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17919786
Global config means:

config terminal
Now create the access list here.
0
 

Author Comment

by:nasemabdullaa
ID: 17920330
Thanks srgilani

0
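A way to check what access list 101 from the accepted answer actually permits before applying it, as an added example that is not part of the original thread: a small first-match evaluator for IOS-style extended ACL lines. It assumes /24 networks (wildcard 0.0.0.255, which the thread never states) and uses constructed test flows; the function names are hypothetical.

```python
import ipaddress

# ACL 101 from the accepted answer, written in full IOS extended-ACL syntax.
# Assumption: both networks are /24 (wildcard 0.0.0.255); the thread gives no mask.
ACL_101 = """
access-list 101 permit ip host 172.16.14.20 any
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 101 deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
access-list 101 permit ip any any
"""

def _take_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        rest = tokens[4:]  # everything after 'access-list N action ip'
        rules.append((tokens[2], _take_addr(rest), _take_addr(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, src_spec, dst_spec in rules:
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed test flows: (source, destination)
    for src, dst in [("172.16.14.55", "172.16.10.7"), ("172.16.14.20", "172.16.10.7"),
                     ("172.16.10.7", "172.16.14.20"), ("172.16.10.20", "172.16.14.20"),
                     ("172.16.14.55", "192.0.2.1")]:
        print(f"{src:>13} -> {dst:<13} {evaluate(rules, src, dst)}")
```

With the list applied inbound on both VLAN interfaces, a packet from an ordinary host back to an exception host (172.16.10.7 to 172.16.14.20) matches a deny entry, so the two exception hosts have working two-way traffic only with each other.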
