Solved

Access-lists on Cisco 3550 switches

Posted on 2010-11-16
5
713 Views
Last Modified: 2012-08-13
Below is a digram of my network.  Right now all networks can talk to each other.  For example, if I am on a server in the 10.4.0.0 network, from there I can RDP into a server in the 10.5.0.0 network.  I need to create a access-list so these networks can't talk to each other.  I am using VTP, thats why all switches share a common VLAN.  Can someone provide me with an access-list example to accomplish this.  thanks.


Switch Diagram
0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 25

Expert Comment

by:Ken Boone
ID: 34149012
So if you are on vlan 30 you do not want to get to vlan 40 or vlan 50?  Is that correct?  Should vlan 30 be allowed to get to the internet or any other networks?
0
 
LVL 4

Author Comment

by:denver218
ID: 34149161
Yes if I am on vlan 30, I don't want to see vlan 40 or 50.  I do want all network to have access to the internet.  Thanks.
0
 
LVL 4

Author Comment

by:denver218
ID: 34149268
I do have an Cisco ASA5510 on this network.  Should I just create an access-list on the inside for this on the ASA5510 instead of creating the access-list on switches?
0
 
LVL 25

Accepted Solution

by:
Ken Boone earned 500 total points
ID: 34149305

Here is the ACL for vlan 30 - this blocks access to vlan 40 and 50 and allows everything else.
ip access-list extended vlan30-acl
deny ip any 10.5.0.0 0.0.255.255
deny ip any 10.6.0.0 0.0.255.255
permit ip any any


Then on
interface vlan30
access-group vlan30-acl in


No you need to it on the switch instead of the asa.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 34149477
That worked.  Thanks
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TL-R470T+ and Cisco ASA 2 45
Dlink-DIR 816 router 4 61
EIGRP Bandwidth 9 61
Tracert fails final hop at some client offices 3 45
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question