Solved

access list help

Posted on 2006-11-10
15
244 Views
Last Modified: 2010-04-10
hi
if i have 4 switch 2950 each two switch connect to distrbution
switch (layer 3 switch using to routing ) then the two
distrbution switch connect to core switch then to pix 525 then
to router 2800 each switch contain 2 vlan (vlan 14 and vlan 10)
i use routing rip in pix
how i can prevent user of vlan 14 from enter to vlan 10 and user
of vlan 10 from enter to vlan 14 (mean i want the user on each VLAN not to be able to see the shearing file on other vlan)
exept ip 172.16.14.20
and 172.16.10.20
network for switch is
172.16.14.0
172.16.10.0

thanks
0
Comment
Question by:nasemabdullaa
  • 8
  • 7
15 Comments
 
LVL 10

Expert Comment

by:srgilani
ID: 17912857
put below access-list in your both vlans

switch having ip range 172.16.10.0

access-list 101 permit ip host 172.16.14.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any


switch having ip range 172.16.14.0

access-list 101 permit ip host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 any
access-list 101 permit ip any any


0
 

Author Comment

by:nasemabdullaa
ID: 17912913
hi
thanks for your reply
must i put the access list in router on interface VLAN 10 and 14

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17912965
you can put on vlan interface or router as feasible to you.
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17912998
for router you need some modifications in above.
0
 

Author Comment

by:nasemabdullaa
ID: 17913058
hi
thanks for your reply
how i can ues it in router
if iam not able to put in router must i put in switch
must i enter to interface vlan 1 and vlan 2


thanks
0
 
LVL 10

Accepted Solution

by:
srgilani earned 500 total points
ID: 17913311
On your layer3 switch put below acces-list on your default vlan. (Assuming your layer 3 route traffic between 4 2950 switches)

access-list 101 permit host 172.16.14.20 any
access-list 101 permit host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 172.16.10.0
access-list 101 deny ip 172.16.10.0 172.16.14.0
access-list permit ip any any




0
 

Author Comment

by:nasemabdullaa
ID: 17913344
hi srgilani
thanks for your reply
iam turn off VLAN 1
yes my layer 3 switch is routing 4 switch
where i can put these command

thanks
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 10

Expert Comment

by:srgilani
ID: 17913389
on your layer 3 switch and then apply to all those ports which connect to 2950.
0
 

Author Comment

by:nasemabdullaa
ID: 17913414
hi
thanks
how i can apply to all ports
what command i use

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913467
access-group in 101
0
 

Author Comment

by:nasemabdullaa
ID: 17913494
hi
can i enter to each VLAN in layer 3 switch and put

access-list 101 permit host 172.16.14.20 any
access-list 101 permit host 172.16.10.20 any
access-list 101 deny ip 172.16.14.0 172.16.10.0
access-list 101 deny ip 172.16.10.0 172.16.14.0
access-list permit ip any any
access-group in 101

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17913513
no put access-list in global configuration

and just put below in your all vlan of layer 3


access-group in 101
0
 

Author Comment

by:nasemabdullaa
ID: 17913660
hi
>>>no put access-list in global configuration
you mean VLAN 1

thanks
0
 
LVL 10

Expert Comment

by:srgilani
ID: 17919786
global config means

config terminal
now create access-list here
0
 

Author Comment

by:nasemabdullaa
ID: 17920330
thanks srgilani

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I was recently sitting at a desk at work with one of my colleagues and needed some information on my home computer. He watched as I turned on my home computer, established a remote session into it, got the information I needed and then shut it down …
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now