Smart questions
Smart answers
Smart people
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Member Login
Remember Me
Forgot Password?
Join Us!

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips now!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
Join Tek-Tips
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

LINK TO THIS FORUM!

Add Stickiness To Your Site By Linking To This Professionally Managed Technical Forum.
Just copy and paste the
code below into your site.

Tek-Tips LinkedIn® Group

Partner With Us!

"Best Of Breed" Forums Add Stickiness To Your Site
Partner Button
(Download This Button Today!)

Feedback

"...These forums are an excellent source and example of the way people can help each other..."
More...

Geography

Where in the world do Tek-Tips members come from?
Click Here To Find Out!

Tek-Tips Shirts!

Get Tek-Tips Swag
Get your
Tek-Tips Forums
SWAG here!
Home > Forums > Data Transmission > Data Transmissions > Ethernet Forum

3com 5500 Access Control List Help

thread586-1678015
Read More Threads Like This One
agsfafasdfafasdf (IS/IT--Management)
15 Mar 12 22:53
We have a couple of 3com 5500 switches with a couple of different vlans between 2 buildings. We also have a wx2200 wireless controller. We have vlan 1, 2, 3, 4, 5, 6, 7. Vlan 7 is a guest vlan for wireless access. Vlan 6 is wireless for staff, the other vlans are wired jacks for various departments. Say vlan 7 has an ip range of 10.0.10.0 255.255.255.0, that vlan should not access any other vlans on the network. Instead of creating an ACL with a bunch of rules for the different IP segments of each VLAN, is it possible to create an ACL like this for example:

ACL 3000

rule 1 permit ip source 10.0.10.0 0.0.0.255 destination 10.0.30.254 0.0.0.255

rule 2 deny ip source 10.0.10.0 0.0.0.255 destination any

then apply that rule to each VLAN? In my mind with this setup I am thinking that any time an IP address from the guest vlan segment tries to enter one of those other vlan segments, it will be blocked. The guest vlan should only be able to hit the web. The permit rule would be the ip address going to the router.

Thank you for your help
Read More Threads Like This One

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Back To Forum

Back To Ethernet

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close