ACL inter-vlan routing

0

I need to configure access control lists on layer 3 switches for some schools:

Right now the PCs from one classroom can access the PCs from the other classroom.

How can I configure it so that they can only access their own VLAN (which is a classroom) and are still able to access VLAN 10, which is where the AD and file server are situated?

for example:

VLAN 10: 10.1.0.0 255.255.255.128
VLAN 11: 10.1.1.0 255.255.255.224
VLAN 12: 10.1.1.32 255.255.255.224 29

So what I want is that VLAN 11 & 12 can't communicate with each other but can still communicate with VLAN 10.

But I don't want to explicitly deny VLAN 11 & 12, because there are like 20+ VLANs in some schools.

Is there a short way to do this?

Thanks

JonasVanraes

Posted 2015-03-03T09:11:15.080

Reputation: 1

What type of switch is this? Are they trunk or access VLANs? The most common config I come across for this sort of thing is using trunk VLANs where allowed VLANs are specified per port. – MaQleod – 2015-03-03T15:47:52.517

It's a layer 3 switch which is connected to a layer 2 switch via a trunk line. And thanks, I will look into that. – JonasVanraes – 2015-03-04T07:37:02.753

Answers

0

Assuming the switch in context is a Cisco switch, do the following:

  1. Create the ACL (VLAN 10 is 10.1.0.0/25, i.e. wildcard 0.0.0.127):

    access-list 101 permit ip any 10.1.0.0 0.0.0.127

  2. Apply the ACL on all VLAN interfaces that need access only to VLAN 10:

    ip access-group 101 in

Example: for the example scenario you mentioned:

cisco(config)#access-list 101 permit ip any 10.1.0.0 0.0.0.127
cisco(config)#interface vlan 11
cisco(config-if)#ip access-group 101 in
cisco(config-if)#exit
cisco(config)#interface vlan 12
cisco(config-if)#ip access-group 101 in
cisco(config-if)#exit

Done.

Nithin Kumar

Posted 2015-03-03T09:11:15.080

Reputation: 41
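The answer above boils down to one extended ACL that is attached to every classroom SVI, which is also the "short way" the question asks for: the ACL is written once and only the `ip access-group` line is repeated per interface, however many classroom VLANs a school has. The Python below is an added example, not code from the question or the answer. It generates that configuration for any list of classroom VLANs and includes a small first-match simulator (a hypothetical helper written here, not a Cisco tool) to confirm that VLAN 11 and VLAN 12 each reach VLAN 10 but not each other. The ACL is applied inbound on the SVIs because `in` filters what the hosts in that VLAN send toward the switch; applied outbound it would only let packets addressed to 10.1.0.0/25 leave the switch into the classroom VLAN, which is nothing. The host addresses, the `remark` line and the explicit `deny ip any any log` line are assumptions for illustration; the subnets are the ones from the question.

```python
"""Added example (not from the question or answer): build one reusable IOS ACL
for every classroom SVI and simulate IOS first-match evaluation to check it.
Subnets come from the question; host addresses and ACL remarks are made up."""
import ipaddress
from typing import List

# Constructed sample topology taken from the question (VLAN 10 = AD + file server).
SERVER_VLAN = ipaddress.ip_network("10.1.0.0/25")
CLASSROOM_VLANS = {
    11: ipaddress.ip_network("10.1.1.0/27"),
    12: ipaddress.ip_network("10.1.1.32/27"),
}
ACL_NUMBER = 101  # same extended ACL number the answer uses


def wildcard(net: ipaddress.IPv4Network) -> str:
    """IOS ACLs take an inverted (wildcard) mask: /25 -> 0.0.0.127."""
    return str(net.hostmask)


def build_acl(acl_number: int, server_net: ipaddress.IPv4Network) -> List[str]:
    """One ACL for every classroom: permit traffic to the server VLAN, drop the rest.
    The explicit deny matches what IOS's implicit deny does, but lets you log hits."""
    return [
        f"access-list {acl_number} remark classroom -> server VLAN only",
        f"access-list {acl_number} permit ip any "
        f"{server_net.network_address} {wildcard(server_net)}",
        f"access-list {acl_number} deny ip any any log",
    ]


def apply_to_svis(acl_number: int, vlan_ids) -> List[str]:
    """Apply the ACL *inbound* on each classroom SVI: 'in' filters packets that the
    hosts in that VLAN send; 'out' would filter packets routed toward those hosts."""
    lines = []
    for vid in sorted(vlan_ids):
        lines += [f"interface Vlan{vid}", f" ip access-group {acl_number} in", "!"]
    return lines


def render_config(acl_number=ACL_NUMBER, server_net=SERVER_VLAN, vlan_ids=None) -> str:
    """Full snippet: one ACL plus one 'ip access-group' line per classroom SVI."""
    if vlan_ids is None:
        vlan_ids = CLASSROOM_VLANS.keys()
    return "\n".join(build_acl(acl_number, server_net) + apply_to_svis(acl_number, vlan_ids))


# --- minimal simulator of extended-ACL matching (first match wins) -----------

def _parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD' starting at tokens[i].
    Returns (network, index of the next unread token). Assumes contiguous masks."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    addr, wild = tokens[i], tokens[i + 1]
    prefix = 32 - bin(int(ipaddress.ip_address(wild))).count("1")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False), i + 2


def acl_permits(acl_lines: List[str], src: str, dst: str) -> bool:
    """Evaluate 'access-list N permit|deny ip SRC DST [log]' lines top-down;
    no match means the implicit deny at the end of every IOS ACL."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        tokens = line.split()
        action = tokens[2]
        if action == "remark":
            continue
        s_net, i = _parse_addr(tokens, 4)   # tokens[3] is the protocol ("ip")
        d_net, _ = _parse_addr(tokens, i)
        if src_ip in s_net and dst_ip in d_net:
            return action == "permit"
    return False


def classroom_isolation_holds(acl_lines=None) -> bool:
    """The policy from the question: 11->10 and 12->10 allowed, 11->12 blocked.
    Host addresses are made-up examples inside the question's subnets."""
    acl = acl_lines if acl_lines is not None else build_acl(ACL_NUMBER, SERVER_VLAN)
    return (acl_permits(acl, "10.1.1.5", "10.1.0.10")          # VLAN 11 -> VLAN 10
            and acl_permits(acl, "10.1.1.40", "10.1.0.10")     # VLAN 12 -> VLAN 10
            and not acl_permits(acl, "10.1.1.5", "10.1.1.40"))  # VLAN 11 -> VLAN 12


if __name__ == "__main__":
    print(render_config(vlan_ids=[11, 12]))
    print("isolation policy holds:", classroom_isolation_holds())
```

One caveat the simulator makes visible: the trailing deny (explicit here, implicit on IOS if you leave it out) drops everything that is not addressed to VLAN 10, including Internet-bound traffic and any other shared service the classrooms need, so those permits have to be added above the deny. The simulator only understands `ip` ACEs with `any`, `host` and address/wildcard forms, which is all this policy uses.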