

Cisco Access List to prevent other vlan from accessing a host

Hi guys, need your advice. I have 5 VLANs that are routable. PCs are able to communicate with any other PCs in a different VLAN. I have VLAN 5, 10, 15, 20. I need to put a server in VLAN 5 and prevent any other host from VLAN 10 and 15 from accessing it, with the exception of VLAN 20. How should I write the ACL?
1 Solution
totallypatrick (Author) Commented:
Say the server IP is How do I deny traffic from everyone to this server except traffic from its own VLAN? Thanks!
I would create 2 ACLs and apply them to interfaces 10 and 15.

access-list 123 deny ip any host
access-list 123 permit ip any any
access-list 124 deny ip any host
access-list 124 permit ip any any
interface vlan 10
 ip access-group 123 in
interface vlan 15
 ip access-group 124 in

Why 2 different ACLs that are identical? Personal preference. I think it makes troubleshooting easier. If you use the same ACL and you look at hit counts, you don't know which VLAN those hit counts came from.
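An added example, not part of the original answer: a small Python model of first-match ACL evaluation run over the configuration above, showing which flows are dropped and how separate ACL numbers keep the hit counters for each VLAN apart. The server address, the per-VLAN subnets and the sample flows are constructed for illustration, since the page does not give them.

```python
import ipaddress
from collections import Counter

SERVER = "10.0.5.10"  # constructed: the page omits the address; assume 10.0.<vlan>.0/24
CONFIG = f"""\
access-list 123 deny ip any host {SERVER}
access-list 123 permit ip any any
access-list 124 deny ip any host {SERVER}
access-list 124 permit ip any any
interface vlan 10
 ip access-group 123 in
interface vlan 15
 ip access-group 124 in
"""

def _net(t):
    # 'any' or 'host A' -> (network, remaining tokens); the only forms used above
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    return ipaddress.ip_network(t[1] + "/32"), t[2:]

def parse(config):
    acls, bindings, vlan = {}, {}, None
    for t in map(str.split, config.splitlines()):
        if t[0] == "access-list":
            src, rest = _net(t[4:])
            acls.setdefault(t[1], []).append((t[2], src, _net(rest)[0]))
        elif t[0] == "interface":
            vlan = int(t[2])
        elif t[1] == "access-group" and t[3] == "in":
            bindings[vlan] = t[2]  # inbound ACL on this VLAN interface
    return acls, bindings

def check(acls, bindings, hits, in_vlan, src, dst):
    acl = bindings.get(in_vlan)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, sn, dn) in enumerate(acls.get(acl, [])):
        if s in sn and d in dn:  # first matching entry wins
            hits[(acl, i)] += 1
            return action
    return "deny" if acl else "permit"  # implicit deny only where an ACL is bound

def run():
    acls, bindings = parse(CONFIG)
    hits = Counter()  # keyed by (ACL number, entry index)
    flows = [(10, "10.0.10.7", SERVER), (15, "10.0.15.9", SERVER),
             (20, "10.0.20.4", SERVER), (10, "10.0.10.7", "10.0.20.4")]
    return [check(acls, bindings, hits, *f) for f in flows], hits
```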
