Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

ACL on Cisco 3750 to allow VLAN1 to access only 1 host on VLAN2

Posted on 2011-03-19
4
Medium Priority
?
1,169 Views
Last Modified: 2012-05-11
Hi,

I have created a new VLAN on my 3750 switch and I need following:

VLAN 1 (192.168.90.0 /24) need to have access to only 1 IP (192.168.80.11)  on VLAN 2 (192.168.80.0 /24)

What ACL need to be defined for VLAN1 and VLAN2

Any help appreciated.
0
Comment
Question by:AMTPJ_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Kvistofta earned 2000 total points
ID: 35172502
interface vlan1
 ip access-group VLAN1 in

access-list extended VLAN1
 permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11
 deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255
 permit ip any any

Best regards Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174313
Hi,

I am still unable to ping the second VLAN IP after doing this config

interface Vlan1
 ip address 139.53.61.65 255.255.255.224
!
interface Vlan10
 ip address 10.164.200.2 255.255.252.0
 ip helper-address 139.53.61.67
!
interface Vlan20
 no ip address
!
interface Vlan40
 ip address 10.164.204.1 255.255.255.0
 ip helper-address 10.164.204.254
!
interface Vlan50
 ip address 10.164.207.1 255.255.255.0
!
interface Vlan80
 description *Siemens-WIFI-Access*
 no ip address
!
interface Vlan90
 description *Consultants VLAN*
 ip address 192.168.90.1 255.255.254.0
 ip access-group Consultant in
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.164.200.1
ip route 10.164.204.253 255.255.255.255 10.164.204.254
ip http server
!
ip access-list extended Consultant
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69
 deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31
 permit ip any any
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35174329
so which ip addresses are we talking about? For example 192.168.80.11 in your original questionsnt mentioned in your configuration output above.

/Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174717
Hi Kvistoffa,

My mistake, problem is resolved as I was trying to access second VLAN using WiFi SSID which was configured on WLAN controller. After correcting config on controller, i am able to ping the second VLAN.

Thanks for your support.
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question