CAAIPG asked on

Limit access for a computer with Static IP to limited IP range on LAN

I am trying to figure out if I can do this by access lists.  I have a computer set up with a static IP (10.1.5.245) on VLAN 10.  VLAN 10's IP range is 10.1.5.0/24.

I would like to limit the computer with the static IP to a limited range of IPs on the 10.1.5.0/24 subnet -- to be precise, using the above addresses, I would like to limit the computer with static IP 10.1.5.245 to have access to only the address range 10.1.5.129 - 10.1.5.254 (10.1.5.128/25).  No access to the other computers in the range 10.1.5.1 - 10.1.5.127 (including ICMP).

All the computers on the LAN are connected to a Cisco 6506.  Can I do this using access lists for the port the static IP computer is plugged in to?  It's Friday and I am at a complete loss on how to do this!  Any help is appreciated and worth 500 points.
Network Security

Last Comment
CAAIPG

8/22/2022 - Mon
Oliver

Do you have a bunch of VLANs?
Is the 6506 doing inter-VLAN routing?
Would the computer need access to other services from other subnets?
I am looking at recommending VLAN Access Lists (VACLs) for you.
ASKER
CAAIPG

Just have a couple of VLANs. For voice and data. No inter-VLAN routing done yet. Have always wanted to segment my servers and workstations on different VLANs but never got around to it. This computer would only need services and access to the IP range that I have indicated -- which currently happens to be on the same subnet.

Thanks.
ASKER CERTIFIED SOLUTION
Oliver

Oliver

access-list 101 deny ip host 10.1.5.245 10.1.5.0 0.0.0.127
access-list 101 permit ip any any
ASKER
CAAIPG

Well, I thought the above solution provided worked but unfortunately, it didn't. The reason it was behaving as I wanted it to was I had set the subnet mask to 255.255.255.128. The mask needs to be at 255.255.255.0. Any help -- will give more points or may be easier to just open a new question. Thanks.
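
Added example, not part of the thread or any poster's configuration: a small Python check of which destinations the posted access-list 101 matches, and of whether the host at 10.1.5.245 treats a destination as on-link under each of the two subnet masks mentioned. It assumes an ACL that is consulted only when traffic leaves the host's subnet through a routed hop (the thread does not say where the ACL was applied); the function names are invented for this example, and only "ip" protocol lines are parsed.

```python
import ipaddress

# ACL lines as posted in the thread (with "permit" spelled out).
ACL_101 = """\
access-list 101 deny ip host 10.1.5.245 10.1.5.0 0.0.0.127
access-list 101 permit ip any any
"""

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume one address spec and return (base, wildcard) as integers."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def parse_acl(text):
    """Return a list of (action, src_spec, dst_spec) in configured order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5:
            continue
        rest = tokens[4:]          # tokens after "access-list N action ip"
        rules.append((tokens[2], parse_addr(rest), parse_addr(rest)))
    return rules

def matches(addr, spec):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; only the 0 bits are compared.
    return (ip_int(addr) | wildcard) == (base | wildcard)

def acl_action(rules, src, dst):
    for action, src_spec, dst_spec in rules:   # first match wins
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"                              # implicit deny at end of list

def verdict(rules, host, mask, dst):
    """'on-link' if the host delivers to dst directly, else the ACL result."""
    net = ipaddress.IPv4Network(f"{host}/{mask}", strict=False)
    if ipaddress.IPv4Address(dst) in net:
        return "on-link"           # host ARPs for dst; no routed hop involved
    return acl_action(rules, host, dst)

RULES = parse_acl(ACL_101)
```

Under the stated assumption, `verdict` returns "deny" for a lower-half destination only when the host uses mask 255.255.255.128; with 255.255.255.0 the same destination is on-link and the routed ACL is never evaluated.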