Cisco 3550 config ACL to only permit specific addresses to the switch

Posted on 2011-04-20
Last Modified: 2012-05-11
Hello everyone

I need some help configuring ACL on a 3550

Here's what I need to do

I have the 3550  with only the default VLAN configured on it.  VLAN IP address is  

The switch is connected to the backbone switch which has many other VLANs with the following IP addresses,, etc

I need to only allow specific addresses from those VLANs on the backbone switch to access devices located in the default VLAN of the 3550 and at the same time allowing any devices on the 3550 to access everything everywhere.

How should I configure the ACL on the 3550?

If you need more info, just let me know



Question by:adv_expert
    LVL 18

    Accepted Solution

    access-list 100 deny ip <source> <wildcard_mask> <destination> <wildcard_mask>
    access-list 100 permit ip <source> <wildcard_mask> <destination> <wildcard_mask>

    interface vlan 1
    ip access-group 100 in

    Put any deny statements in front if needed.  There's an implicit "deny ip any any" statement at the end of the ACL so make sure you have at least some permit statements or nothing will be allowed.

    I'm pretty sure object-groups are not supported on that platform (may depend on the IOS version) but they make life much easier with ACLs.
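
The first-match ordering and the implicit deny described in the accepted solution can be checked offline before an ACL is applied to the switch. The Python below is an added example, not part of the original answer; it models only the `ip` protocol form of an extended ACL, and the sample ACL lines and addresses are constructed (documentation ranges).

```python
import ipaddress

def addr_spec(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (int(ipaddress.IPv4Address(tokens[1])), 0), tokens[2:]
    addr = int(ipaddress.IPv4Address(tokens[0]))
    wild = int(ipaddress.IPv4Address(tokens[1]))
    return (addr, wild), tokens[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # only the 'ip' protocol form is modelled here
        src, rest = addr_spec(tok[4:])
        dst, _ = addr_spec(rest)
        rules.append((tok[2], src, dst))
    return rules

def matches(spec, ip):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src_ip, dst_ip):
    """Return (action, 1-based rule number) of the first matching rule."""
    for n, (action, src, dst) in enumerate(rules, 1):
        if matches(src, src_ip) and matches(dst, dst_ip):
            return action, n
    return "deny", None  # implicit "deny ip any any" at the end of the ACL

# Constructed sample: one blocked host inside an otherwise permitted range.
SAMPLE_ACL = """\
access-list 100 deny ip host 192.0.2.66 198.51.100.0 0.0.0.255
access-list 100 permit ip 192.0.2.64 0.0.0.31 198.51.100.0 0.0.0.255
access-list 100 permit ip host 203.0.113.10 host 198.51.100.5
"""

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    for src, dst in [("192.0.2.66", "198.51.100.5"), ("192.0.2.70", "198.51.100.5"),
                     ("203.0.113.10", "198.51.100.9")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

Swapping the first two lines of the sample makes the deny unreachable, because the broader permit matches first.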
    LVL 67

    Expert Comment

    This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
