Access-list for restricting vlan communication

Asked by bntech:

I have a Cisco 3560G Version 12.2(44)

I want to restrict specific VLANs from talking to VLAN 75. Reason is that I want an isolated vlan for us to build up a new domain in, or you could consider it a test network that we don't want to have interaction with our live network, but it has to have connection to the internet. As it stands right now, Vlan 75 has connectivity to all the other internal VLANs and the internet. I have tried using the following configuration and so far it does not appear to function as expected.

interface vlan 75
ip access-group 75 in

access-list 75 deny 192.168.0.0 0.0.0.255
access-list 75 permit any

I have also tried applying the ip access-group to the interface that the vlan 75 devices sit on and still does not work.
I've tried messing around with different ways of deny/permitting subnets inside the access-list 75 and still cannot get it to work.
1 of 2 things happens when I add commands to the access-list. Either it does not restrict the communication between the 2 vlans or it restricts vlan 75 from talking to anything and everything on the internal network and the internet.

Any assistance would be much appreciated.
ASKER CERTIFIED SOLUTION
Predrag Jovic
Please do not ask why Cisco made that decision.
What decision?
SOLUTION
Also, unblock your DNS in ACL or use 8.8.8.8/similar.
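An added example, not part of the original question or of any answer on this page: an extended ACL that filters on destination, which is what the failing standard access-list 75 cannot do (a standard ACL matches source addresses only, so applied inbound on interface vlan 75 it sees only the VLAN 75 hosts as source and either matches all of their traffic or none of it, the two symptoms the question describes). It also keeps the DNS path open as the comment above advises. The addresses are assumptions: VLAN 75 is 192.168.75.0/24, the live VLANs are 192.168.0.0/24 and 192.168.10.0/24, and the internal DNS server is 192.168.0.10.

```cisco
! Added example; the addresses below are assumptions, not from the original post.
! VLAN 75 (test network): 192.168.75.0/24
! Live internal VLANs:    192.168.0.0/24 and 192.168.10.0/24
! Internal DNS resolver:  192.168.0.10
!
ip access-list extended VLAN75-ISOLATE
 remark Let the test network resolve names before the internal ranges are blocked
 permit udp 192.168.75.0 0.0.0.255 host 192.168.0.10 eq domain
 permit tcp 192.168.75.0 0.0.0.255 host 192.168.0.10 eq domain
 remark Block everything else from VLAN 75 toward the live internal VLANs
 deny   ip 192.168.75.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny   ip 192.168.75.0 0.0.0.255 192.168.10.0 0.0.0.255
 remark Any other destination (the internet) stays reachable
 permit ip 192.168.75.0 0.0.0.255 any
!
! "in" on the SVI filters packets arriving from VLAN 75 hosts, i.e. traffic
! leaving the test network; packets sourced elsewhere never hit this ACL.
interface Vlan75
 ip access-group VLAN75-ISOLATE in
!
! Verify: the deny-line hit counters should climb when a VLAN 75 host tries
! to reach the live network, while the permit lines count DNS and internet traffic.
! show ip access-lists VLAN75-ISOLATE
```

Because the ACL sits only inbound on Vlan75, a session started from a live VLAN toward the test network still delivers its first packet and only the replies are dropped; apply a matching ACL on the other SVIs if the test network must be unreachable in both directions.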
bntech (asker):
Thank you very much for your assistance. I was able to accomplish my goal with the suggested solution. Appreciate the help guys!