• Status: Solved

access list help

Hi,
If I have 4 2950 switches, every two switches connect to a distribution
switch (a layer 3 switch used for routing), then the two
distribution switches connect to a core switch, then to a PIX 525, then
to a 2800 router. Each switch contains 2 VLANs (VLAN 14 and VLAN 10).
I use RIP routing on the PIX.
How can I prevent users of VLAN 14 from entering VLAN 10, and users
of VLAN 10 from entering VLAN 14 (meaning I want the users on each VLAN not to be able to see the shared files on the other VLAN),
except IP 172.16.14.20
and 172.16.10.20?
The networks for the switches are:
172.16.14.0
172.16.10.0

Thanks
0
nasemabdullaa
Asked:
nasemabdullaa
1 Solution
 
srgilani Commented:
Put the access lists below in both of your VLANs.

Switch having IP range 172.16.10.0:

! 0.0.0.255 wildcard assumes /24 subnets (mask not given in the question)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 any
access-list 101 permit ip any any


Switch having IP range 172.16.14.0:

! 0.0.0.255 wildcard assumes /24 subnets (mask not given in the question)
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.10.0 0.0.0.255 any
access-list 101 permit ip any any


0
 
nasemabdullaa Author Commented:
Hi,
Thanks for your reply.
Must I put the access list on the router, on interface VLAN 10 and 14?

Thanks
0
 
srgilani Commented:
You can put it on the VLAN interface or the router, as feasible for you.
0

 
srgilani Commented:
For the router you need some modifications to the above.
0
 
nasemabdullaa Author Commented:
Hi,
Thanks for your reply.
How can I use it on the router?
If I am not able to put it on the router, must I put it on the switch?
Must I enter interface VLAN 1 and VLAN 2?


Thanks
0
 
srgilani Commented:
On your layer 3 switch, put the access-list below on your default VLAN. (Assuming your layer 3 switch routes traffic between the 4 2950 switches.)

! 0.0.0.255 wildcard assumes /24 subnets (mask not given in the question)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 101 deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
access-list 101 permit ip any any




0
 
nasemabdullaa Author Commented:
Hi srgilani,
Thanks for your reply.
I turned off VLAN 1.
Yes, my layer 3 switch is routing 4 switches.
Where can I put these commands?

Thanks
0
 
srgilani Commented:
On your layer 3 switch, and then apply it to all those ports which connect to the 2950s.
0
 
nasemabdullaa Author Commented:
Hi,
Thanks.
How can I apply it to all ports?
What command do I use?

Thanks
0
 
srgilani Commented:
ip access-group 101 in
0
 
nasemabdullaa Author Commented:
Hi,
Can I enter each VLAN on the layer 3 switch and put

! 0.0.0.255 wildcard assumes /24 subnets (mask not given in the question)
access-list 101 permit ip host 172.16.14.20 any
access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 0.0.0.255 172.16.10.0 0.0.0.255
access-list 101 deny ip 172.16.10.0 0.0.0.255 172.16.14.0 0.0.0.255
access-list 101 permit ip any any
ip access-group 101 in

Thanks
0
 
srgilani Commented:
No, put the access-list in global configuration

and just put the line below in all your VLANs on the layer 3 switch:


ip access-group 101 in
0
 
nasemabdullaa Author Commented:
Hi,
>>>no put access-list in global configuration
You mean VLAN 1?

Thanks
0
 
srgilani Commented:
Global config means:

config terminal
Now create the access-list here.
0
 
nasemabdullaa Author Commented:
Thanks, srgilani

0
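
The combined ACL 101 from the thread, run through a small first-match evaluator. This is an added example, not code posted by anyone in the thread. It assumes /24 subnets and the same ACL applied inbound on both VLAN interfaces; every address other than the two exception hosts is constructed. It checks each flow together with its reply.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(addr, spec):
    """spec is 'any' or a (base, wildcard) pair as in an IOS extended ACL."""
    if spec == "any":
        return True
    base, wildcard = spec
    care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (_ip(base) & care)

def host(ip):
    """IOS 'host x' is shorthand for 'x 0.0.0.0'."""
    return (ip, "0.0.0.0")

# ACL 101 as discussed in the thread; 0.0.0.255 assumes /24 VLAN subnets.
V10 = ("172.16.10.0", "0.0.0.255")
V14 = ("172.16.14.0", "0.0.0.255")
ACL_101 = [
    ("permit", host("172.16.14.20"), "any"),
    ("permit", host("172.16.10.20"), "any"),
    ("deny", V14, V10),
    ("deny", V10, V14),
    ("permit", "any", "any"),
]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry; an ACL ends with an implicit deny."""
    for action, s, d in acl:
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

def round_trip(acl, a, b):
    """A two-way session needs both a->b and the reply b->a to be permitted."""
    return evaluate(acl, a, b) == "permit" and evaluate(acl, b, a) == "permit"

if __name__ == "__main__":
    # Constructed sample flows.
    flows = [("172.16.14.5", "172.16.10.5"), ("172.16.14.20", "172.16.10.5"),
             ("172.16.14.20", "172.16.10.20"), ("172.16.10.5", "192.0.2.10")]
    for a, b in flows:
        print(f"{a} -> {b}: {evaluate(ACL_101, a, b)}, "
              f"reply: {evaluate(ACL_101, b, a)}, two-way: {round_trip(ACL_101, a, b)}")
```

Under these assumptions the exception hosts can complete sessions with each other, but a reply from an ordinary host in the other VLAN back to an exception host matches a deny entry, so the exception only works end to end between 172.16.14.20 and 172.16.10.20.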
