pitchford

asked on

Cisco ACL Help

I need a sanity check. I want to configure so that the server is only accessible from two other VLANs. For example, the server IP address is 10.4.0.26; the other VLANs requiring access are 10.4.12.0/24 and 10.4.17.0/24.

ip access-list extended SECURE
 permit icmp any any
 permit ip 10.4.12.0 0.0.0.255 host 10.4.0.26
 permit ip 10.4.17.0 0.0.0.255 host 10.4.0.26
 permit ip 10.4.0.0 0.0.0.255 host 10.4.0.26
 deny ip any any

Would I apply this ACL on the interface that 10.4.0.26 is attached to?
ASKER CERTIFIED SOLUTION
mikegatti

This solution is only available to members.
Extended ACLs are best configured closer to the destination the packets are trying to get to, as opposed to standard ACLs, which need to be closer to the source, being that they tend to drop a lot of packets. So closer to the server would be best.
pitchford

ASKER

Mike, the ACL you provided would deny all other traffic to that VLAN. I'm still not satisfied with the setup... I will post my final config...
Not exactly what I'm looking for, but very close.
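
An added example, not part of the original thread: a small Python model of first-match extended-ACL evaluation with wildcard masks, run over the SECURE list exactly as posted in the question. The function names and the sample packets are constructed for illustration; the last sample assumes the list filters traffic heading into the server's VLAN, which the thread does not state.

```python
import ipaddress

# The ACL entries exactly as posted in the question.
ACL_TEXT = """\
permit icmp any any
permit ip 10.4.12.0 0.0.0.255 host 10.4.0.26
permit ip 10.4.17.0 0.0.0.255 host 10.4.0.26
permit ip 10.4.0.0 0.0.0.255 host 10.4.0.26
deny ip any any
"""

def _addr(tokens):
    """Consume one address spec from tokens; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        action, proto = tokens.pop(0), tokens.pop(0)
        rules.append((action, proto, _addr(tokens), _addr(tokens), line))
    return rules

def _match(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(rules, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, rproto, rsrc, rdst, text in rules:
        if rproto in ("ip", proto) and _match(src, rsrc) and _match(dst, rdst):
            return action, text
    return "deny", "(implicit deny)"

RULES = parse_acl(ACL_TEXT)
# Constructed sample packets: (protocol, source, destination)
SAMPLES = [("tcp", "10.4.12.5", "10.4.0.26"), ("tcp", "10.4.20.9", "10.4.0.26"),
           ("icmp", "10.4.20.9", "10.4.0.26"), ("tcp", "10.4.12.5", "10.4.0.50")]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", *evaluate(RULES, *pkt))
```

The third sample shows that `permit icmp any any` lets ICMP from any source reach the server, and the fourth shows that every other host behind the filtered interface loses all non-ICMP traffic.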