Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Configure ACLs For L3 VLANs - Cisco 3550 2

Status
Not open for further replies.
JRosario78

JRosario78

MIS
Jun 5, 2005
103
US
Hi everyone,

I configured (3) Layer 3 VLANs on a Cisco 3550 and would like to configure ACLs so that I can block traffic between them.

This is what I have:
VLAN10
SVI - 172.10.1.1

VLAN25
SVI - 172.25.10.1

VLAN163
SVI - 192.168.0.163

If possiable, I would like to allow host 192.168.0.6 to ping any host on the other 2 VLANs.

Thanks in advance!
 
Sort by date Sort by votes
you're 100% sure that is your requirement?? you don't want ANY other traffic to from ANY other network to pass besides ICMP from that particular host??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Hi,

Thanks for your reply/question. Yes, for now that is what I would like to do.

Can you please assist me with this?

Thanks!
 
Upvote 0 Downvote
absolutely.
Code: 
access-list 110 permit icmp any host 192.168.0.6 echo-reply
access-list 125 permit icmp any host 192.168.0.6 echo-reply
access-list 163 permit icmp host 192.168.0.6 any eq echo

int vlan 10
  ip access-group 110 in

int vlan 25
  ip access-group 125 in

int vlan 163
  ip access-group 163 in
this will do exactly as you requested which is pemit host 192.168.0.6 to initiate ICMP echo (pings) and for any host on either of the other networks to send ICMP echo replies back to host 192.168.0.6, no other traffic is permitted.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Upvote 0 Downvote
Unclerico,

Thanks for your help. I forgot to request that I would also like to allow host 192.168.0.6 to RDP (3389) into the servers on the other VLANs.

I assume that if I create more L3 VLANs, I just creat another ACL like the fist 2 (110 and 125) and then apply it to the SVI.

Thank you!!!
JR
 
Upvote 0 Downvote
ip access-list extended 110
5 permit tcp host 192.168.0.6 any eq 3389

ip access-list 125 extended
5 permit tcp host 192.168.0.6 any eq 3389

etc, etc, dot dot dot...

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
246
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
236
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
224
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
236
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
293
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top