

ACL Question



#1 concico


Posted 16 March 2012 - 12:09 AM

Hi All...

please help me to define the ACL for VLAN 128 in distribution switch 1.

I have to configure in a way that :
  • A PC in VLAN 128 in distribution 1 (Network 10.100.128.0/24) can communicate with other PCs in the same VLAN
  • A PC in VLAN 128 in distribution 1 (Network 10.100.128.0/24) can communicate with other PCs in VLAN 128 under distribution 2 (Network 10.200.128.0/24)
  • A PC in VLAN 128 in distribution 1 (Network 10.100.128.0/24) is not allowed to go to other subnets in the private network 10.0.0.0/8
  • A PC in VLAN 128 in distribution 1 (Network 10.100.128.0/24) can go to Internet
Of course I want to block the traffic on distribution 1 (near to the source).

Attached an example of the network.

Below my idea of the configuration:

DS-1(config)#ip access-list extended Vlan_128
 permit ip 10.100.128.0 0.0.0.255 10.200.128.0 0.0.0.255
 deny ip 10.100.128.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip any any
 exit

interface vlan 128
 ip access-group Vlan_128 in


Any feedback is appreciated.

Thank you.


Edited by concico, 16 March 2012 - 12:10 AM.


#2 Cromac


Posted 05 April 2012 - 11:00 PM

Hi,

I would say that this is correct.

Cromac
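
Added example (not part of either post): a small Python model of first-match extended-ACL evaluation with wildcard masks, run over the three Vlan_128 entries posted above to check them against the stated requirements. The host addresses are constructed, and the model covers only routed traffic entering interface vlan 128.

```python
import ipaddress

# The three entries of Vlan_128 exactly as posted in the thread.
ACL_TEXT = """
permit ip 10.100.128.0 0.0.0.255 10.200.128.0 0.0.0.255
deny ip 10.100.128.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip any any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Parse 'action ip <src> <dst>' lines into (action, src_spec, dst_spec)."""
    entries = []
    for line in text.strip().splitlines():
        tokens = line.split()
        action, rest, specs = tokens[0], tokens[2:], []
        while rest:
            if rest[0] == "any":            # 'any' = every bit ignored
                specs.append((0, 0xFFFFFFFF))
                rest = rest[1:]
            else:                           # base address + wildcard mask
                specs.append((to_int(rest[0]), to_int(rest[1])))
                rest = rest[2:]
        entries.append((action, specs[0], specs[1]))
    return entries

def matches(addr, spec):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def evaluate(entries, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, src_spec, dst_spec in entries:
        if matches(src, src_spec) and matches(dst, dst_spec):
            return action
    return "deny"

ACL = parse_acl(ACL_TEXT)
PC = "10.100.128.10"  # constructed host address in VLAN 128 on distribution 1

if __name__ == "__main__":
    # Constructed destinations: remote VLAN 128, another private subnet, Internet.
    for dst in ("10.200.128.20", "10.50.1.5", "198.51.100.7"):
        print(f"{PC} -> {dst}: {evaluate(ACL, PC, dst)}")
    # Swapping the first two entries lets the broad deny shadow the permit.
    swapped = [ACL[1], ACL[0], ACL[2]]
    print("swapped order, remote VLAN 128:", evaluate(swapped, PC, "10.200.128.20"))
```

Traffic between PCs inside VLAN 128 on the same switch is bridged at layer 2 and is not evaluated by an inbound ACL on the SVI. The deny entry does cover destinations inside 10.100.128.0/24, so packets addressed to the SVI's own IP in that subnet would match it.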




