Cisco Access List to prevent other vlan from accessing a host

Hi guys, need your advice. I have 5 VLANs that are routable. PCs are able to communicate with any other PCs in a different VLAN. I have VLANs 5, 10, 15, 20. I need to put a server in VLAN 5 and prevent any other host from VLAN 10 and 15 from accessing it, with the exception of VLAN 20. How should I write the ACL?
Asked by: totallypatrick

totallypatrick (Author) commented:
Say the server IP is 192.168.5.10. How do I deny traffic from everyone to this server except traffic from its own VLAN? Thanks!

lrmoore commented:
I would create 2 ACLs and apply them to interfaces 10 and 15.

access-list 123 deny ip any host 192.168.5.10
access-list 123 permit ip any any
access-list 124 deny ip any host 192.168.5.10
access-list 124 permit ip any any
interface vlan 10
 ip access-group 123 in
interface vlan 15
 ip access-group 124 in

Why 2 different ACLs that are identical? Personal preference. I think it makes troubleshooting easier. If you use the same ACL and you look at hit counts, you don't know which VLAN those hit counts came from.
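
As an added example (not part of lrmoore's answer or the original thread), this small Python model parses the configuration posted above and evaluates it with first-match semantics, so the effect on each VLAN and the per-ACL hit counts can be checked before the change goes on a switch. The function names are hypothetical, and any source addresses passed in (such as 192.168.10.x for VLAN 10) are assumptions, since the thread does not give the VLAN subnets.

```python
import ipaddress

# Configuration exactly as posted in the answer above.
CONFIG = """\
access-list 123 deny ip any host 192.168.5.10
access-list 123 permit ip any any
access-list 124 deny ip any host 192.168.5.10
access-list 124 permit ip any any
interface vlan 10
 ip access-group 123 in
interface vlan 15
 ip access-group 124 in
"""

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return to_int(tokens.pop(0)), 0
    return to_int(first), to_int(tokens.pop(0))

def parse(config):
    """Return (acls, bindings): rules per ACL number, inbound ACL per interface."""
    acls, bindings, iface = {}, {}, None
    for tokens in map(str.split, config.splitlines()):
        if tokens[:1] == ["access-list"] and tokens[3] == "ip":
            rest = tokens[4:]
            rule = {"action": tokens[2], "src": take_addr(rest), "dst": take_addr(rest), "hits": 0}
            acls.setdefault(tokens[1], []).append(rule)
        elif tokens[:1] == ["interface"]:
            iface = " ".join(tokens[1:]).lower()
        elif tokens[:2] == ["ip", "access-group"] and tokens[3] == "in":
            bindings[iface] = tokens[2]
    return acls, bindings

def matches(spec, ip):
    base, wildcard = spec          # wildcard bits set to 1 are "don't care"
    return (to_int(ip) | wildcard) == (base | wildcard)

def inbound(acls, bindings, iface, src, dst):
    """Verdict for a packet entering `iface`: first matching rule wins."""
    for rule in acls.get(bindings.get(iface), []):
        if matches(rule["src"], src) and matches(rule["dst"], dst):
            rule["hits"] += 1
            return rule["action"]
    # No ACL bound: traffic passes. ACL bound but nothing matched: implicit deny.
    return "deny" if iface in bindings else "permit"
```

In this model a VLAN 20 source reaches 192.168.5.10 only because no ACL is bound to that interface, which is the behaviour the posted configuration relies on.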