3com 5500 Access Control List Help

Status
Not open for further replies.

agsfafasdfafasdf

IS-IT--Management
Mar 15, 2012
1
US
We have a couple of 3Com 5500 switches with a couple of different VLANs between 2 buildings. We also have a WX2200 wireless controller. We have VLANs 1, 2, 3, 4, 5, 6, 7. VLAN 7 is a guest VLAN for wireless access. VLAN 6 is wireless for staff; the other VLANs are wired jacks for various departments. Say VLAN 7 has an IP range of 10.0.10.0 255.255.255.0; that VLAN should not access any other VLANs on the network. Instead of creating an ACL with a bunch of rules for the different IP segments of each VLAN, is it possible to create an ACL like this, for example:

ACL 3000

rule 1 permit ip source 10.0.10.0 0.0.0.255 destination 10.0.30.254 0.0.0.255

rule 2 deny ip source 10.0.10.0 0.0.0.255 destination any

then apply that rule to each VLAN? In my mind, with this setup, I am thinking that any time an IP address from the guest VLAN segment tries to enter one of those other VLAN segments, it will be blocked. The guest VLAN should only be able to hit the web. The permit rule would be the IP address going to the router.

Thank you for your help
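
How the two posted rules evaluate against sample traffic, as an added example that is not part of the original post or of any 3Com tooling. It assumes rules are checked in rule-number order with the first match winning (the switch's actual match order for a hardware-applied ACL is not stated on this page and should be confirmed in its documentation); the destination addresses other than 10.0.30.254 are constructed.

```python
import ipaddress

def ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse 'rule N permit|deny ip source A W destination (B W | any)'."""
    tok = line.split()
    rule_id, action = int(tok[1]), tok[2]

    def field(keyword):
        i = tok.index(keyword)
        if tok[i + 1] == "any":
            return (0, 0xFFFFFFFF)      # all-ones wildcard: every bit is "don't care"
        return (ip(tok[i + 1]), ip(tok[i + 2]))

    return rule_id, action, field("source"), field("destination")

def matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # wildcard bit 0 = must match, 1 = ignored
    return (ip(addr) & care) == (base & care)

def evaluate(rules, src, dst):
    # Assumption: rules are tested in ascending rule number, first match wins.
    for rule_id, action, s, d in sorted(rules):
        if matches(src, s) and matches(dst, d):
            return action, rule_id
    return "no-match", None             # what the switch does here is not modelled

ACL_3000 = [parse_rule(line) for line in (
    "rule 1 permit ip source 10.0.10.0 0.0.0.255 destination 10.0.30.254 0.0.0.255",
    "rule 2 deny ip source 10.0.10.0 0.0.0.255 destination any",
)]

# Constructed sample flows (source, destination, description).
SAMPLES = [
    ("10.0.10.25", "10.0.30.254", "guest -> router address from the post"),
    ("10.0.10.25", "10.0.30.17", "guest -> another host in 10.0.30.x"),
    ("10.0.10.25", "10.0.20.5", "guest -> a host in a different internal range"),
    ("10.0.10.25", "203.0.113.10", "guest -> an outside address"),
    ("10.0.20.5", "10.0.10.25", "non-guest source -> guest range"),
]

if __name__ == "__main__":
    for src, dst, note in SAMPLES:
        print(f"{src:>12} -> {dst:<14} {evaluate(ACL_3000, src, dst)}  # {note}")
```

Under these assumptions the 0.0.0.255 wildcard on rule 1 permits every address in 10.0.30.x rather than only 10.0.30.254, and "destination any" in rule 2 also matches addresses outside the internal ranges.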
 