SihleIns
VLAN ACL Configuration Help.
I have a Cisco 4503 switch with a Catalyst 2960G attached to it. I also have 2 different VLANs that I want to use ACLs to control traffic for.
Server VLAN 10
Client Computer VLAN 15
I want to allow VLAN 15 access to the VLAN 10 with access to only the following ports (TCP and UDP): 80, 443, 53, 3389, 1494, 135 - 139
*ANY access to IP 10.0.0.4
*LDAP access to IP 10.0.0.2
*LDAP access to IP 10.0.0.5
*Kerberos access to IP 10.0.0.2
*Kerberos access to IP 10.0.0.5
I'm not sure what commands to use to create this config. Thanks for the help!
ASKER
Thanks for your help. I would assume that there is always a deny all at the end, which means I would have to add these same commands to the ACL for an additional VLAN to have access to VLAN 10. Is that correct? Email me back at WPlotkin@Sihle.com
This is filtering inbound to VLAN 10, so you would need to add new lines if you had an additional subnet to allow into VLAN 10...
access-list 100 permit ip
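One way to express the asker's requirements as a Cisco IOS extended ACL, added here as an example; it is not the accepted solution from this thread or any poster's code. The VLAN 15 subnet 10.0.15.0/24, the /24 mask on VLAN 10, the ACL name, and the outbound placement on the Vlan10 SVI (filtering traffic routed into VLAN 10) are assumptions.

```cisco
! Added example. Assumed: VLAN 15 = 10.0.15.0/24, VLAN 10 = 10.0.0.0/24,
! inter-VLAN routing is done on the 4503 SVIs. The ACL name is hypothetical.
! LDAP is port 389 and Kerberos is port 88 (both TCP and UDP).
ip access-list extended VLAN15-TO-VLAN10
 remark Any access from clients to 10.0.0.4
 permit ip 10.0.15.0 0.0.0.255 host 10.0.0.4
 remark LDAP and Kerberos to 10.0.0.2 and 10.0.0.5 only
 permit tcp 10.0.15.0 0.0.0.255 host 10.0.0.2 eq 389
 permit udp 10.0.15.0 0.0.0.255 host 10.0.0.2 eq 389
 permit tcp 10.0.15.0 0.0.0.255 host 10.0.0.5 eq 389
 permit udp 10.0.15.0 0.0.0.255 host 10.0.0.5 eq 389
 permit tcp 10.0.15.0 0.0.0.255 host 10.0.0.2 eq 88
 permit udp 10.0.15.0 0.0.0.255 host 10.0.0.2 eq 88
 permit tcp 10.0.15.0 0.0.0.255 host 10.0.0.5 eq 88
 permit udp 10.0.15.0 0.0.0.255 host 10.0.0.5 eq 88
 remark Listed service ports to the whole server subnet
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 80
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 80
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 443
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 443
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 53
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 53
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 3389
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 3389
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 1494
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 eq 1494
 permit tcp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 range 135 139
 permit udp 10.0.15.0 0.0.0.255 10.0.0.0 0.0.0.255 range 135 139
 remark Same effect as the implicit deny, written out so it is visible
 deny ip any any
!
interface Vlan10
 ip access-group VLAN15-TO-VLAN10 out
```

Because the ACL is applied outbound on the Vlan10 SVI, it filters everything routed into VLAN 10, not only traffic from VLAN 15: any other subnet needs its own permit lines, and replies to connections the servers open toward other subnets are dropped unless they are permitted as well.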