Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ACL on Cisco 3750 to allow VLAN1 to access only 1 host on VLAN2

Posted on 2011-03-19
4
Medium Priority
?
1,193 Views
Last Modified: 2012-05-11
Hi,

I have created a new VLAN on my 3750 switch and I need following:

VLAN 1 (192.168.90.0 /24) need to have access to only 1 IP (192.168.80.11)  on VLAN 2 (192.168.80.0 /24)

What ACL need to be defined for VLAN1 and VLAN2

Any help appreciated.
0
Comment
Question by:AMTPJ_IT
  • 2
  • 2
4 Comments
 
LVL 18

Accepted Solution

by:
Jimmy Larsson, CISSP, CEH earned 2000 total points
ID: 35172502
interface vlan1
 ip access-group VLAN1 in

access-list extended VLAN1
 permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11
 deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255
 permit ip any any

Best regards Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174313
Hi,

I am still unable to ping the second VLAN IP after doing this config

interface Vlan1
 ip address 139.53.61.65 255.255.255.224
!
interface Vlan10
 ip address 10.164.200.2 255.255.252.0
 ip helper-address 139.53.61.67
!
interface Vlan20
 no ip address
!
interface Vlan40
 ip address 10.164.204.1 255.255.255.0
 ip helper-address 10.164.204.254
!
interface Vlan50
 ip address 10.164.207.1 255.255.255.0
!
interface Vlan80
 description *Siemens-WIFI-Access*
 no ip address
!
interface Vlan90
 description *Consultants VLAN*
 ip address 192.168.90.1 255.255.254.0
 ip access-group Consultant in
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.164.200.1
ip route 10.164.204.253 255.255.255.255 10.164.204.254
ip http server
!
ip access-list extended Consultant
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69
 deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31
 permit ip any any
0
 
LVL 18

Expert Comment

by:Jimmy Larsson, CISSP, CEH
ID: 35174329
so which ip addresses are we talking about? For example 192.168.80.11 in your original questionsnt mentioned in your configuration output above.

/Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174717
Hi Kvistoffa,

My mistake, problem is resolved as I was trying to access second VLAN using WiFi SSID which was configured on WLAN controller. After correcting config on controller, i am able to ping the second VLAN.

Thanks for your support.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
In this article, the configuration steps in Zabbix to monitor devices via SNMP will be discussed with some real examples on Cisco Router/Switch, Catalyst Switch, NAS Synology device.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question