IS-IT--Management
We have a couple of 3Com 5500 switches with a couple of different VLANs between 2 buildings. We also have a WX2200 wireless controller. We have VLANs 1, 2, 3, 4, 5, 6, 7. VLAN 7 is a guest VLAN for wireless access. VLAN 6 is wireless for staff; the other VLANs are wired jacks for various departments. Say VLAN 7 has an IP range of 10.0.10.0 255.255.255.0; that VLAN should not access any other VLANs on the network. Instead of creating an ACL with a bunch of rules for the different IP segments of each VLAN, is it possible to create an ACL like this, for example:
ACL 3000
rule 1 permit ip source 10.0.10.0 0.0.0.255 destination 10.0.30.254 0.0.0.255
rule 2 deny ip source 10.0.10.0 0.0.0.255 destination any
then apply that rule to each VLAN? In my mind, with this setup I am thinking that any time an IP address from the guest VLAN segment tries to enter one of those other VLAN segments, it will be blocked. The guest VLAN should only be able to hit the web. The permit rule would be the IP address going to the router.
Thank you for your help.
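As an added example (not part of the original post and not 3Com's code), this Python sketch evaluates the two posted rules against constructed packets to show which rule each one hits. It assumes rules are checked in rule-ID order with the first match winning, and that a wildcard bit of 0 means "this bit must match"; what the switch does with a packet that matches no rule is not modelled.

```python
import ipaddress

# The two rules of ACL 3000 exactly as posted:
# (rule id, action, source, source wildcard, destination, destination wildcard)
ACL_3000 = [
    (1, "permit", "10.0.10.0", "0.0.0.255", "10.0.30.254", "0.0.0.255"),
    (2, "deny",   "10.0.10.0", "0.0.0.255", "any", None),
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    if base == "any":
        return True
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Return (rule_id, action) of the first matching rule, or (None, 'no-match')."""
    for rule_id, action, s, swc, d, dwc in sorted(acl, key=lambda r: r[0]):
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return rule_id, action
    return None, "no-match"

# Constructed sample packets; every address except the 10.0.10.0/24 range and
# 10.0.30.254 is made up for illustration.
SAMPLES = [
    ("10.0.10.25", "10.0.30.254"),   # guest -> the router address named in rule 1
    ("10.0.10.25", "10.0.30.17"),    # guest -> another host in the same /24
    ("10.0.10.25", "10.0.20.5"),     # guest -> a different internal segment
    ("10.0.10.25", "203.0.113.80"),  # guest -> an outside web server (TEST-NET-3)
    ("10.0.20.5",  "10.0.10.25"),    # another segment -> guest
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>12} -> {dst:<14} {evaluate(ACL_3000, src, dst)}")
```

Under these assumptions, the 0.0.0.255 wildcard makes rule 1 match every address in 10.0.30.0/24 rather than only 10.0.30.254, and `destination any` in rule 2 also matches addresses outside the network. A wildcard of 0.0.0.0 restricts a match to the single address.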