Solved

ACL on Cisco 3750 to allow VLAN1 to access only 1 host on VLAN2

Posted on 2011-03-19
4
1,159 Views
Last Modified: 2012-05-11
Hi,

I have created a new VLAN on my 3750 switch and I need following:

VLAN 1 (192.168.90.0 /24) need to have access to only 1 IP (192.168.80.11)  on VLAN 2 (192.168.80.0 /24)

What ACL need to be defined for VLAN1 and VLAN2

Any help appreciated.
0
Comment
Question by:AMTPJ_IT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 17

Accepted Solution

by:
Kvistofta earned 500 total points
ID: 35172502
interface vlan1
 ip access-group VLAN1 in

access-list extended VLAN1
 permit ip 192.168.90.0 0.0.0.255 host 192.168.80.11
 deny ip 192.168.90.0 0.0.0.255 192.168.80.0 0.0.0.255
 permit ip any any

Best regards Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174313
Hi,

I am still unable to ping the second VLAN IP after doing this config

interface Vlan1
 ip address 139.53.61.65 255.255.255.224
!
interface Vlan10
 ip address 10.164.200.2 255.255.252.0
 ip helper-address 139.53.61.67
!
interface Vlan20
 no ip address
!
interface Vlan40
 ip address 10.164.204.1 255.255.255.0
 ip helper-address 10.164.204.254
!
interface Vlan50
 ip address 10.164.207.1 255.255.255.0
!
interface Vlan80
 description *Siemens-WIFI-Access*
 no ip address
!
interface Vlan90
 description *Consultants VLAN*
 ip address 192.168.90.1 255.255.254.0
 ip access-group Consultant in
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.164.200.1
ip route 10.164.204.253 255.255.255.255 10.164.204.254
ip http server
!
ip access-list extended Consultant
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.67
 permit ip 192.168.90.0 0.0.0.255 host 139.53.61.69
 deny   ip 192.168.90.0 0.0.0.255 139.53.61.64 0.0.0.31
 permit ip any any
0
 
LVL 17

Expert Comment

by:Kvistofta
ID: 35174329
so which ip addresses are we talking about? For example 192.168.80.11 in your original questionsnt mentioned in your configuration output above.

/Kvistofta
0
 

Author Comment

by:AMTPJ_IT
ID: 35174717
Hi Kvistoffa,

My mistake, problem is resolved as I was trying to access second VLAN using WiFi SSID which was configured on WLAN controller. After correcting config on controller, i am able to ping the second VLAN.

Thanks for your support.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Make the most of your online learning experience.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses
Course of the Month6 days, 5 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question