rocketlauncher
Programmer
Hi All,
Hope someone can help me out on this one.
I have the following:
- 3 Distribution Switches (3550s)
- 4 Access switches (2950s)
- 6 VLANs (13,14,15,16,17,18) which span all switches.
Intervlan routing is working flawlessly, but I need to lock down access to VLAN 13. Basically VLAN 15 should be the only one allowed to access a server that’s located in VLAN 13, all other intervlan communication should stay the same.
But I have no idea where to apply the ACL. Do I have to apply it in all my Distribution Switches under VLAN 13 interface 13? Or only in one switch? Also, does it have to be inbound or outbound?
I tried the following ACL, but it didn’t work. I could still ping, RDP, etc. from VLAN 15.
access-list 110 permit ip 172.16.15.0 0.0.0.255 host 172.16.13.16
access-list 110 deny ip 172.16.15.0 0.0.0.255 172.16.13.0 0.0.0.255
access-list 110 permit ip any any
int vlan 13
ip access-group 110 out
Also, what type of ACL should I apply: VACL, RACL or PACL?
Any help is greatly appreciated.
Thanks,
Rocket
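
Added example (not part of the original post): a small Python model of how IOS matches packets against ACL 110 as posted, top-down with first match winning and wildcard masks, run against constructed probe packets. It assumes the server is host 172.16.13.16, that each VLAN N uses 172.16.N.0/24, and that the goal is "only VLAN 15 reaches the server"; `CANDIDATE` is a hypothetical alternative entry order built for this example, not a tested switch configuration.

```python
import ipaddress

SERVER = "172.16.13.16"  # assumption: the host named in the posted ACL is the server

# Entry layout: (action, source, source wildcard, destination, destination wildcard)
ANY = ("0.0.0.0", "255.255.255.255")
ACL_110 = [  # exactly the three entries from the post
    ("permit", "172.16.15.0", "0.0.0.255", SERVER, "0.0.0.0"),
    ("deny", "172.16.15.0", "0.0.0.255", "172.16.13.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]
CANDIDATE = [  # hypothetical alternative, constructed for this example
    ("permit", "172.16.15.0", "0.0.0.255", SERVER, "0.0.0.0"),
    ("deny", *ANY, SERVER, "0.0.0.0"),
    ("permit", *ANY, *ANY),
]

# Constructed probes toward the server: (source, verdict the stated goal wants)
PROBES = [("172.16.15.20", "permit"), ("172.16.14.20", "deny"),
          ("172.16.16.20", "deny"), ("172.16.18.20", "deny")]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def policy_gaps(acl):
    """Probes whose ACL verdict differs from the verdict the goal wants."""
    gaps = []
    for src, want in PROBES:
        got = evaluate(acl, src, SERVER)
        if got != want:
            gaps.append((src, want, got))
    return gaps

if __name__ == "__main__":
    for name, acl in (("ACL 110 as posted", ACL_110), ("candidate", CANDIDATE)):
        print(name, policy_gaps(acl) or "matches the stated goal")
```

The model covers entry matching only; the interface and direction the list is applied to decide which packets are evaluated at all.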