TrustGroup-UAE
asked on
Cisco Access Control List
Hi Experts,
Hope somebody could help out here. I'm banging my head trying to sort a simple issue!
Basically we have multiple VLAN's Setup on out Router:-
interface FastEthernet0/1.101
desc ** Management LAN **
encapsulation dot1Q 101 native
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
!
interface FastEthernet0/1.102
desc ** Voice LAN **
encapsulation dot1Q 102
ip address 10.1.2.1 255.255.255.0
ip helper-address 10.1.2.20
ip helper-address 10.1.2.21
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.103
desc ** CCTV and T&A LAN **
encapsulation dot1Q 103
ip address 10.1.3.1 255.255.255.0
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.104
desc ** Wireless LAN **
encapsulation dot1Q 104
ip address 10.1.4.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.110
desc ** Clients LAN **
encapsulation dot1Q 110
ip address 10.1.110.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
interface FastEthernet0/1.190
desc ** Internet Only LAN **
encapsulation dot1Q 190
ip address 10.1.190.1 255.255.255.0
ip virtual-reassembly in
interface FastEthernet0/1.191
desc ** Internet Only LAN **
encapsulation dot1Q 191
ip address 10.1.191.1 255.255.255.0
ip virtual-reassembly in
I have setup a DHCP Scope on the Router to serve the Internet Only LAN - 10.1.191.0
What I would like to do is add a ACL which blocks 10.1.191.0 from accessing any of the other VLAN's, but allow traffic out of our Internet Router on 10.1.1.4.
Could anybody possibly Help or point me in the right direction?
Cheers
TME
Hope somebody could help out here. I'm banging my head trying to sort a simple issue!
Basically we have multiple VLAN's Setup on out Router:-
interface FastEthernet0/1.101
desc ** Management LAN **
encapsulation dot1Q 101 native
ip address 10.1.1.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
!
interface FastEthernet0/1.102
desc ** Voice LAN **
encapsulation dot1Q 102
ip address 10.1.2.1 255.255.255.0
ip helper-address 10.1.2.20
ip helper-address 10.1.2.21
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.103
desc ** CCTV and T&A LAN **
encapsulation dot1Q 103
ip address 10.1.3.1 255.255.255.0
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.104
desc ** Wireless LAN **
encapsulation dot1Q 104
ip address 10.1.4.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
!
interface FastEthernet0/1.110
desc ** Clients LAN **
encapsulation dot1Q 110
ip address 10.1.110.1 255.255.255.0
ip helper-address 10.1.1.101
ip helper-address 10.1.1.102
ip virtual-reassembly in
service-policy input DROP_TRAFFIC
service-policy output DROP_TRAFFIC
interface FastEthernet0/1.190
desc ** Internet Only LAN **
encapsulation dot1Q 190
ip address 10.1.190.1 255.255.255.0
ip virtual-reassembly in
interface FastEthernet0/1.191
desc ** Internet Only LAN **
encapsulation dot1Q 191
ip address 10.1.191.1 255.255.255.0
ip virtual-reassembly in
I have setup a DHCP Scope on the Router to serve the Internet Only LAN - 10.1.191.0
What I would like to do is add a ACL which blocks 10.1.191.0 from accessing any of the other VLAN's, but allow traffic out of our Internet Router on 10.1.1.4.
Could anybody possibly Help or point me in the right direction?
Cheers
TME
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
haha mistake