I have just purchased a new 3560 for my company. It is brand new out of the box. I have written up some access lists and was wondering whether they will work correctly when put into production. Here is what I have so far. What I basically want to know is: if I allow traffic in one VLAN's access list, do I also have to allow the same traffic in the other VLAN's access list?
VLAN1=PC's Acl=101
VLAN3=Printers Acl=103
VLAN5=network monitors Acl=105
VLAN7=DNS and Mail servers Acl=107
VLan10= test domain Acl=110
VLAN11= Servers Acl=111
! ACL 101 - applied inbound on the VLAN 1 SVI (PCs, per the legend), so it
! filters packets sourced from 192.168.1.0/24 as they enter the switch to be
! routed. Entries are evaluated top-down and the first match wins.
! NOTE(review): these ACLs are stateless. A permit toward another VLAN only
! yields a working session if that VLAN's own inbound ACL permits the replies.
! NOTE(review): every entry requires a 192.168.1.x source, so a packet with any
! other source (for example a DHCP client's 0.0.0.0) falls to the implicit
! deny; confirm whether DHCP is served or relayed through this interface.
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.99.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): the two 172.x destinations above are outside 192.168.0.0/16,
! so the final "permit ... any" entry would allow them as well.
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
! Only 192.168.1.7, .8-.15 and .16-.17 may reach 192.168.11.66.
access-list 101 permit ip host 192.168.1.7 host 192.168.11.66
access-list 101 permit ip 192.168.1.8 0.0.0.7 host 192.168.11.66
access-list 101 permit ip 192.168.1.16 0.0.0.1 host 192.168.11.66
! Every VLAN 1 host may reach 192.168.11.145.
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.11.145
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): the deny presumably also covers the switch's own 192.168.x.x
! interface addresses - confirm that gateway/management access is not needed.
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
! Attach ACL 101 to packets arriving from VLAN 1.
int vlan1
ip access-group 101 in
exit
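! ACL 103 - applied inbound on the VLAN 3 SVI (printers, per the legend);
! filters packets sourced from 192.168.3.0/24. First match wins.
access-list 103 permit ip 192.168.3.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 ignores the low three bits of the third
! octet, so this entry matches 192.168.0.0-192.168.7.255 (the VLAN 1, 3, 5
! and 7 subnets), not only VLAN 1. Narrow it if 192.168.1.0/24 was intended.
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
! Fixed keyword order: the protocol keyword comes first and "host" prefixes
! the address. As "permit host ip ..." the entry is not valid extended-ACL
! syntax, which would leave 192.168.3.65 -> 192.168.11.0/24 to the deny below.
access-list 103 permit ip host 192.168.3.65 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 any
! Attach ACL 103 to packets arriving from VLAN 3.
int vlan3
ip access-group 103 in
exit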
! ACL 105 - applied inbound on the VLAN 5 SVI (network monitors, per the
! legend); filters packets sourced from 192.168.5.0/24. First match wins.
access-list 105 permit ip 192.168.5.0 0.0.0.255 172.17.99.0 0.0.0.255
access-list 105 permit ip 192.168.5.0 0.0.0.255 host 192.168.3.65
access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): inside 192.168.0.0/16 only 192.168.3.65 and 192.168.7.0/24 are
! reachable from here, so replies to any other internal subnet that opens a
! session toward VLAN 5 are dropped by this deny.
access-list 105 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 105 permit ip 192.168.5.0 0.0.0.255 any
! Attach ACL 105 to packets arriving from VLAN 5.
int vlan5
ip access-group 105 in
exit
! ACL 107 - applied inbound on the VLAN 7 SVI (DNS and mail servers, per the
! legend); filters packets sourced from 192.168.7.0/24. First match wins.
access-list 107 permit ip 192.168.7.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 makes this entry match destinations
! 192.168.0.0-192.168.7.255, not only 192.168.1.0/24 - confirm the intent.
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): no entry permits 192.168.10.0/24, yet ACL 110 lets VLAN 10
! reach 192.168.7.1; the replies from 192.168.7.1 are dropped by this deny.
access-list 107 deny ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 any
! Attach ACL 107 to packets arriving from VLAN 7.
int vlan7
ip access-group 107 in
exit
! ACL 109 - applied inbound on the VLAN 9 SVI; filters packets sourced from
! 192.168.9.0/24. First match wins. VLAN 9 does not appear in the legend.
access-list 109 permit ip 192.168.9.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 makes this entry match destinations
! 192.168.0.0-192.168.7.255, which already includes 192.168.3.0/24, so the
! separate VLAN 3 entry below never matches first. Confirm the intended range.
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 109 deny ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 any
! Attach ACL 109 to packets arriving from VLAN 9.
int vlan9
ip access-group 109 in
exit
! ACL 110 - applied inbound on the VLAN 10 SVI (test domain, per the legend);
! filters packets sourced from 192.168.10.0/24. First match wins.
access-list 110 permit ip 192.168.10.0 0.0.0.255 172.17.99.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
! NOTE(review): ACL 107 has no permit from 192.168.7.x to 192.168.10.0/24, so
! replies from 192.168.7.1 to this VLAN are dropped on the VLAN 7 side.
access-list 110 permit ip 192.168.10.0 0.0.0.255 host 192.168.7.1
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
! Attach ACL 110 to packets arriving from VLAN 10.
int vlan10
ip access-group 110 in
exit
! ACL 111 - applied inbound on the VLAN 11 SVI (servers, per the legend);
! filters packets sourced from 192.168.11.0/24. First match wins.
access-list 111 permit ip 192.168.11.0 0.0.0.255 172.17.99.0 0.0.0.255
! Return path for the ACL 101 entries: 192.168.11.66 may answer only
! 192.168.1.7, .8-.15 and .16-.17.
access-list 111 permit ip host 192.168.11.66 host 192.168.1.7
access-list 111 permit ip host 192.168.11.66 192.168.1.8 0.0.0.7
access-list 111 permit ip host 192.168.11.66 192.168.1.16 0.0.0.1
! NOTE(review): wildcard 0.0.7.255 lets 192.168.11.145 reach
! 192.168.0.0-192.168.7.255, not only 192.168.1.0/24 - confirm the intent.
access-list 111 permit ip host 192.168.11.145 192.168.1.0 0.0.7.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 host 192.168.3.65
! NOTE(review): ACL 107 permits all of 192.168.7.0/24 toward VLAN 11, but only
! 192.168.7.1 is permitted here, so replies to other VLAN 7 hosts are dropped.
access-list 111 permit ip 192.168.11.0 0.0.0.255 host 192.168.7.1
access-list 111 permit ip 192.168.11.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 111 deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 any
! Attach ACL 111 to packets arriving from VLAN 11.
int vlan11
ip access-group 111 in
exit
VLAN1=PC's Acl=101
VLAN3=Printers Acl=103
VLAN5=network monitors Acl=105
VLAN7=DNS and Mail servers Acl=107
VLan10= test domain Acl=110
VLAN11= Servers Acl=111
! ACL 101 - applied inbound on the VLAN 1 SVI (PCs, per the legend), so it
! filters packets sourced from 192.168.1.0/24 as they enter the switch to be
! routed. Entries are evaluated top-down and the first match wins.
! NOTE(review): these ACLs are stateless. A permit toward another VLAN only
! yields a working session if that VLAN's own inbound ACL permits the replies.
! NOTE(review): every entry requires a 192.168.1.x source, so a packet with any
! other source (for example a DHCP client's 0.0.0.0) falls to the implicit
! deny; confirm whether DHCP is served or relayed through this interface.
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.16.99.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): the two 172.x destinations above are outside 192.168.0.0/16,
! so the final "permit ... any" entry would allow them as well.
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
! Only 192.168.1.7, .8-.15 and .16-.17 may reach 192.168.11.66.
access-list 101 permit ip host 192.168.1.7 host 192.168.11.66
access-list 101 permit ip 192.168.1.8 0.0.0.7 host 192.168.11.66
access-list 101 permit ip 192.168.1.16 0.0.0.1 host 192.168.11.66
! Every VLAN 1 host may reach 192.168.11.145.
access-list 101 permit ip 192.168.1.0 0.0.0.255 host 192.168.11.145
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): the deny presumably also covers the switch's own 192.168.x.x
! interface addresses - confirm that gateway/management access is not needed.
access-list 101 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
! Attach ACL 101 to packets arriving from VLAN 1.
int vlan1
ip access-group 101 in
exit
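! ACL 103 - applied inbound on the VLAN 3 SVI (printers, per the legend);
! filters packets sourced from 192.168.3.0/24. First match wins.
access-list 103 permit ip 192.168.3.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 ignores the low three bits of the third
! octet, so this entry matches 192.168.0.0-192.168.7.255 (the VLAN 1, 3, 5
! and 7 subnets), not only VLAN 1. Narrow it if 192.168.1.0/24 was intended.
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 192.168.10.0 0.0.0.255
! Fixed keyword order: the protocol keyword comes first and "host" prefixes
! the address. As "permit host ip ..." the entry is not valid extended-ACL
! syntax, which would leave 192.168.3.65 -> 192.168.11.0/24 to the deny below.
access-list 103 permit ip host 192.168.3.65 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 103 deny ip 192.168.3.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 103 permit ip 192.168.3.0 0.0.0.255 any
! Attach ACL 103 to packets arriving from VLAN 3.
int vlan3
ip access-group 103 in
exit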
! ACL 105 - applied inbound on the VLAN 5 SVI (network monitors, per the
! legend); filters packets sourced from 192.168.5.0/24. First match wins.
access-list 105 permit ip 192.168.5.0 0.0.0.255 172.17.99.0 0.0.0.255
access-list 105 permit ip 192.168.5.0 0.0.0.255 host 192.168.3.65
access-list 105 permit ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): inside 192.168.0.0/16 only 192.168.3.65 and 192.168.7.0/24 are
! reachable from here, so replies to any other internal subnet that opens a
! session toward VLAN 5 are dropped by this deny.
access-list 105 deny ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 105 permit ip 192.168.5.0 0.0.0.255 any
! Attach ACL 105 to packets arriving from VLAN 5.
int vlan5
ip access-group 105 in
exit
! ACL 107 - applied inbound on the VLAN 7 SVI (DNS and mail servers, per the
! legend); filters packets sourced from 192.168.7.0/24. First match wins.
access-list 107 permit ip 192.168.7.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 makes this entry match destinations
! 192.168.0.0-192.168.7.255, not only 192.168.1.0/24 - confirm the intent.
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
! NOTE(review): no entry permits 192.168.10.0/24, yet ACL 110 lets VLAN 10
! reach 192.168.7.1; the replies from 192.168.7.1 are dropped by this deny.
access-list 107 deny ip 192.168.7.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 107 permit ip 192.168.7.0 0.0.0.255 any
! Attach ACL 107 to packets arriving from VLAN 7.
int vlan7
ip access-group 107 in
exit
! ACL 109 - applied inbound on the VLAN 9 SVI; filters packets sourced from
! 192.168.9.0/24. First match wins. VLAN 9 does not appear in the legend.
access-list 109 permit ip 192.168.9.0 0.0.0.255 172.17.99.0 0.0.0.255
! NOTE(review): wildcard 0.0.7.255 makes this entry match destinations
! 192.168.0.0-192.168.7.255, which already includes 192.168.3.0/24, so the
! separate VLAN 3 entry below never matches first. Confirm the intended range.
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.1.0 0.0.7.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 109 deny ip 192.168.9.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 109 permit ip 192.168.9.0 0.0.0.255 any
! Attach ACL 109 to packets arriving from VLAN 9.
int vlan9
ip access-group 109 in
exit
! ACL 110 - applied inbound on the VLAN 10 SVI (test domain, per the legend);
! filters packets sourced from 192.168.10.0/24. First match wins.
access-list 110 permit ip 192.168.10.0 0.0.0.255 172.17.99.0 0.0.0.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.3.0 0.0.0.255
! NOTE(review): ACL 107 has no permit from 192.168.7.x to 192.168.10.0/24, so
! replies from 192.168.7.1 to this VLAN are dropped on the VLAN 7 side.
access-list 110 permit ip 192.168.10.0 0.0.0.255 host 192.168.7.1
access-list 110 permit ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 110 deny ip 192.168.10.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.10.0 0.0.0.255 any
! Attach ACL 110 to packets arriving from VLAN 10.
int vlan10
ip access-group 110 in
exit
! ACL 111 - applied inbound on the VLAN 11 SVI (servers, per the legend);
! filters packets sourced from 192.168.11.0/24. First match wins.
access-list 111 permit ip 192.168.11.0 0.0.0.255 172.17.99.0 0.0.0.255
! Return path for the ACL 101 entries: 192.168.11.66 may answer only
! 192.168.1.7, .8-.15 and .16-.17.
access-list 111 permit ip host 192.168.11.66 host 192.168.1.7
access-list 111 permit ip host 192.168.11.66 192.168.1.8 0.0.0.7
access-list 111 permit ip host 192.168.11.66 192.168.1.16 0.0.0.1
! NOTE(review): wildcard 0.0.7.255 lets 192.168.11.145 reach
! 192.168.0.0-192.168.7.255, not only 192.168.1.0/24 - confirm the intent.
access-list 111 permit ip host 192.168.11.145 192.168.1.0 0.0.7.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 host 192.168.3.65
! NOTE(review): ACL 107 permits all of 192.168.7.0/24 toward VLAN 11, but only
! 192.168.7.1 is permitted here, so replies to other VLAN 7 hosts are dropped.
access-list 111 permit ip 192.168.11.0 0.0.0.255 host 192.168.7.1
access-list 111 permit ip 192.168.11.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
! Block every other 192.168.0.0/16 destination, then allow the rest.
access-list 111 deny ip 192.168.11.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 111 permit ip 192.168.11.0 0.0.0.255 any
! Attach ACL 111 to packets arriving from VLAN 11.
int vlan11
ip access-group 111 in
exit