Solved

ACL on Cisco 3750 to allow VLAN1 to access only 1 host on VLAN2

Posted on 2011-03-19
4
1,146 Views
Last Modified: 2012-05-11
Hi,

I have created a new VLAN on my 3750 switch and I need following:

VLAN 1 (192.168.90.0 /24) need to have access to only 1 IP (192.168.80.11)  on VLAN 2 (192.168.80.0 /24)

What ACL need to be defined for VLAN1 and VLAN2

Any help appreciated.
0
Comment
Question by:AMTPJ_IT
  • 2
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 35172502
interface vlan1
 ip access-group VLAN1 in

access-list extended VLAN1
 permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11
 deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255
 permit ip any any

Best regards Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174313
Hi,

I am still unable to ping the second VLAN IP after doing this config

interface Vlan1
 ip address 139.53.61.65 255.255.255.224
!
interface Vlan10
 ip address 10.164.200.2 255.255.252.0
 ip helper-address 139.53.61.67
!
interface Vlan20
 no ip address
!
interface Vlan40
 ip address 10.164.204.1 255.255.255.0
 ip helper-address 10.164.204.254
!
interface Vlan50
 ip address 10.164.207.1 255.255.255.0
!
interface Vlan80
 description *Siemens-WIFI-Access*
 no ip address
!
interface Vlan90
 description *Consultants VLAN*
 ip address 192.168.90.1 255.255.254.0
 ip access-group Consultant in
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.164.200.1
ip route 10.164.204.253 255.255.255.255 10.164.204.254
ip http server
!
ip access-list extended Consultant
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69
 deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31
 permit ip any any
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35174329
so which ip addresses are we talking about? For example 192.168.80.11 in your original questionsnt mentioned in your configuration output above.

/Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174717
Hi Kvistoffa,

My mistake, problem is resolved as I was trying to access second VLAN using WiFi SSID which was configured on WLAN controller. After correcting config on controller, i am able to ping the second VLAN.

Thanks for your support.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question