Solved

ACL on Cisco 3750 to allow VLAN1 to access only 1 host on VLAN2

Posted on 2011-03-19
Last Modified: 2012-05-11
Hi,

I have created a new VLAN on my 3750 switch and I need the following:

VLAN 1 (192.168.90.0 /24) needs to have access to only 1 IP (192.168.80.11) on VLAN 2 (192.168.80.0 /24).

What ACL needs to be defined for VLAN1 and VLAN2?

Any help appreciated.
Question by:AMTPJ_IT

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 35172502
interface vlan1
 ip access-group VLAN1 in

ip access-list extended VLAN1
 permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11
 deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255
 permit ip any any

Best regards Kvistofta

Author Comment

by:AMTPJ_IT
ID: 35174313
Hi,

I am still unable to ping the second VLAN IP after doing this config

interface Vlan1
 ip address 139.53.61.65 255.255.255.224
!
interface Vlan10
 ip address 10.164.200.2 255.255.252.0
 ip helper-address 139.53.61.67
!
interface Vlan20
 no ip address
!
interface Vlan40
 ip address 10.164.204.1 255.255.255.0
 ip helper-address 10.164.204.254
!
interface Vlan50
 ip address 10.164.207.1 255.255.255.0
!
interface Vlan80
 description *Siemens-WIFI-Access*
 no ip address
!
interface Vlan90
 description *Consultants VLAN*
 ip address 192.168.90.1 255.255.254.0
 ip access-group Consultant in
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.164.200.1
ip route 10.164.204.253 255.255.255.255 10.164.204.254
ip http server
!
ip access-list extended Consultant
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69
 deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31
 permit ip any any

Expert Comment

by:Kvistofta
ID: 35174329
So which IP addresses are we talking about? For example, 192.168.80.11 in your original question isn't mentioned in your configuration output above.

/Kvistofta

Author Comment

by:AMTPJ_IT
ID: 35174717
Hi Kvistofta,

My mistake, the problem is resolved, as I was trying to access the second VLAN using a WiFi SSID which was configured on the WLAN controller. After correcting the config on the controller, I am able to ping the second VLAN.

Thanks for your support.
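
The first-match logic behind the ACL in the accepted answer and the Consultant ACL posted later, as an added example that is not part of the original thread: a small Python evaluator for permit/deny ip entries with wildcard masks. The function names and probe addresses are constructed for illustration; permitted_sources also checks which addresses inside the Vlan90 subnet (mask 255.255.254.0 in the posted config) a 0.0.0.255 source wildcard leaves to the final permit ip any any.

```python
import ipaddress

# ACL entries copied from the thread; probe addresses passed in later are constructed.
ANSWER_ACL = [
    "permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11",
    "deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255",
    "permit ip any any",
]
CONSULTANT_ACL = [
    "permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67",
    "permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69",
    "deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31",
    "permit ip any any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'permit|deny ip SRC DST' into (action, (base, wildcard), (base, wildcard))."""
    action, proto, *rest = line.split()
    if action not in ("permit", "deny") or proto != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    sides = []
    while rest:
        if rest[0] == "any":            # any == 0.0.0.0 255.255.255.255
            sides.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        elif rest[0] == "host":         # host A == A 0.0.0.0
            sides.append((_ip(rest[1]), 0))
            rest = rest[2:]
        else:                           # address followed by wildcard mask
            sides.append((_ip(rest[0]), _ip(rest[1])))
            rest = rest[2:]
    src, dst = sides                    # ValueError unless exactly two address specs
    return action, src, dst

def _matches(addr, side):
    base, wildcard = side
    care = ~wildcard & 0xFFFFFFFF       # a 1 bit in the wildcard means "don't care"
    return (addr & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, s, d in map(parse_ace, acl):
        if _matches(_ip(src), s) and _matches(_ip(dst), d):
            return action
    return "deny"

def permitted_sources(acl, svi_network, dst):
    """Addresses in the SVI's subnet that the ACL still lets reach dst, summarised."""
    hits = [a for a in ipaddress.ip_network(svi_network) if evaluate(acl, str(a), dst) == "permit"]
    return [str(n) for n in ipaddress.collapse_addresses(hits)]
```

permitted_sources(CONSULTANT_ACL, "192.168.90.0/23", "139.53.61.70") returns ['192.168.91.0/24']: sources in the upper half of the /23 skip the deny line and fall through to permit ip any any. A source wildcard of 0.0.1.255 covers the whole subnet.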