Create an ACL for a VLAN

MIT-Techs
I have an issue where I need to create an access list for a vlan. I assumed this was the same as any other ACL, but it looks like I am wrong.

I created VLAN 410 on a C3750 with an IP Address of 192.168.52.1 255.255.255.252

I need to make sure only a single IP address can send or receive on this VLAN.
How would I make this happen?

Here's a crude example:

interface vlan 410
 ip address 10.1.0.1 255.255.255.0
 ip access-group BAN_VLAN_2 in
!
interface vlan 2
 ip address 10.2.0.1 255.255.255.0
!
interface vlan 3
 ip address 10.3.0.1 255.255.255.0
 ip access-group BAN_VLAN_2 in
!
ip access-list extended BAN_VLAN_2
 permit ip host 10.2.0.45 any
 deny ip 10.2.0.0 0.0.0.255 any


Instructor
Top Expert 2015
Commented:
I need to make sure only a single IP address can send or receive on this VLAN.
How would I make this happen?
If you're trying to restrict traffic on the VLAN, you'll need to use a VLAN ACL (VACL).

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_seb/configuration/guide/swacl.html#wp1075437

ip access-list extended homer
 permit ip 10.1.1.1 0.0.0.0 any
vlan access-map simpson
 match ip address homer
 action drop
vlan filter simpson vlan-list 10
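
Added example, not part of either answer above: the VLAN map technique applied to VLAN 410 from the question, using action forward so that IP traffic passes only when it is to or from one host. The host address 192.168.52.2 and the names ONLY_HOST_410 and VLAN410_MAP are assumptions made for illustration.

```text
! Constructed example for VLAN 410 from the question.
! Assumption: 192.168.52.2 is the single host allowed on the VLAN
! (the only other usable address in 192.168.52.0/30).
!
! Match IP traffic in both directions for that one host.
ip access-list extended ONLY_HOST_410
 permit ip host 192.168.52.2 any
 permit ip any host 192.168.52.2
!
! Forward what the ACL permits. On the Catalyst 3750, once a VLAN map
! contains an IP match clause, IP packets that match no entry are
! dropped by default, so no explicit drop entry is needed.
! Non-IP frames such as ARP are still forwarded because the map has
! no MAC match clause.
vlan access-map VLAN410_MAP 10
 match ip address ONLY_HOST_410
 action forward
!
! Apply the map to VLAN 410 only.
vlan filter VLAN410_MAP vlan-list 410
!
! Verify from privileged EXEC:
!   show vlan access-map VLAN410_MAP
!   show vlan filter vlan 410
```

Unlike an ACL bound to the SVI with ip access-group, which only sees routed traffic, the VLAN map is checked against packets bridged within VLAN 410 as well as packets routed into or out of it.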
