Solved

Cisco 3550 config ACL to only permit specific addresses to the switch

Posted on 2011-04-20
Last Modified: 2012-05-11
Hello everyone

I need some help configuring an ACL on a 3550.

Here is what I need to do:

I have the 3550 with only the default VLAN configured on it. The VLAN IP address is 192.168.55.1/24.

The switch is connected to the backbone switch, which has many other VLANs with the following IP addresses:
192.168.1.0, 192.168.5.0, 192.168.8.0 etc

I need to only allow specific addresses from those VLANs on the backbone switch to access devices located in the default VLAN of the 3550 and at the same time allowing any devices on the 3550 to access everything everywhere.

How should I configure the ACL on the 3550?

If you need more info, just let me know.

Thanks

Michel


 
Question by:adv_expert
2 Comments
 

Accepted Solution

by:
jmeggers earned 2000 total points
ID: 35436901
access-list 100 deny ip <source> <wildcard_mask> 192.168.55.0 0.0.0.255
access-list 100 permit ip <source> <wildcard_mask> 192.168.55.0 0.0.0.255

interface vlan 1
ip access-group 100 in

Put any deny statements in front if needed. There's an implicit "deny ip any any" statement at the end of the ACL, so make sure you have at least some permit statements or nothing will be allowed.

I'm pretty sure object-groups are not supported on that platform (may depend on the IOS version) but they make life much easier with ACLs.
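
As an added example (not part of the answer above, and not Cisco code), this Python sketch evaluates an extended ACL the way the answer describes: the first matching entry wins, and anything unmatched hits the implicit deny. The source hosts and ranges in SAMPLE_ACL are constructed stand-ins for the `<source> <wildcard_mask>` placeholders.

```python
import ipaddress

# Constructed sample entries: the source hosts and ranges are assumptions
# standing in for the <source> <wildcard_mask> placeholders in the answer.
SAMPLE_ACL = [
    "access-list 100 deny ip host 192.168.1.66 192.168.55.0 0.0.0.255",
    "access-list 100 permit ip 192.168.1.64 0.0.0.15 192.168.55.0 0.0.0.255",
    "access-list 100 permit ip host 192.168.5.10 192.168.55.0 0.0.0.255",
]

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_spec(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_entry(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst)."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
        raise ValueError("unsupported entry: " + line)
    if tokens[2] not in ("permit", "deny"):
        raise ValueError("unknown action: " + tokens[2])
    src, rest = _take_spec(tokens[4:])
    dst, _ = _take_spec(rest)
    return tokens[2], src, dst

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = "don't care"
    return (_to_int(addr) & care) == (base & care)

def evaluate(acl_lines, src, dst):
    """Return (action, entry_number); entry_number is None for the implicit deny."""
    for number, line in enumerate(acl_lines, start=1):
        action, src_spec, dst_spec = parse_entry(line)
        if _matches(src, src_spec) and _matches(dst, dst_spec):
            return action, number  # first match wins
    return "deny", None  # implicit "deny ip any any"

if __name__ == "__main__":
    for host in ("192.168.1.66", "192.168.1.70", "192.168.5.10", "192.168.8.9"):
        print(host, evaluate(SAMPLE_ACL, host, "192.168.55.20"))
```

Reversing the first two entries makes 192.168.1.66 match the permit first, which is why the deny statements go in front.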

Expert Comment

by:Qlemo
ID: 35937192
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.