Question : Setting up Access List on Catalyst 4506, IOS version 12.1(20)EW2
I am setting up two external and one internal networks on a Catalyst 4506.
Internal Network:
  VLAN1 - 172.16.0.0/16
External Networks:
  VLAN2 - 10.138.56.79/24
  VLAN3 - 10.138.58.161/28

How do I set up an access list to prevent the two external networks from talking to the internal network? I know on a router, I don't need to set up an access list to achieve this.
Answer : Setting up Access List on Catalyst 4506, IOS version 12.1(20)EW2
Actually, on a router you would indeed have to set up an ACL to achieve this. The 4506 configuration would be the same as it would be on a router. The ACL would just be applied to a VLAN interface as opposed to a FastEthernet/Ethernet/Serial interface on the router. The PIX firewall is the one that blocks traffic by default from a low security to a high security interface. The ACL you would need would be something like:

!
! extended ACLs (100-199) need a protocol keyword; "ip" matches all IP traffic
access-list 101 deny ip 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 permit ip 10.138.56.79 0.0.0.255 any
access-list 102 deny ip 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
access-list 102 permit ip 10.138.58.161 0.0.0.15 any
!
interface VLAN2
 ip access-group 101 in
!
interface VLAN3
 ip access-group 102 in
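To see what the wildcard masks, first-match rule and implicit deny in the answer above actually do to traffic, here is a small Python model of IOS extended-ACL evaluation run against that ACL (an added example, not from the original answer; the packet source and destination addresses are constructed):

```python
import ipaddress

# Minimal model of Cisco IOS extended-ACL evaluation (added example, not
# from the original post): first matching entry wins, implicit deny at end.

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under an IOS wildcard mask (1 bits = don't care)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    # Only the bits where the wildcard is 0 have to agree. This is also why
    # IOS stores 10.138.56.79 0.0.0.255 as 10.138.56.0 0.0.0.255.
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def _addr(fields):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D WILDCARD'."""
    if fields[0] == "any":
        return "0.0.0.0", "255.255.255.255", fields[1:]
    if fields[0] == "host":
        return fields[1], "0.0.0.0", fields[2:]
    return fields[0], fields[1], fields[2:]

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} ip SRC DST' lines into per-ACL entry lists."""
    acls = {}
    for line in lines:
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # comments ('!') and non-IP entries are ignored here
        num, action = tok[1], tok[2]
        src, swc, rest = _addr(tok[4:])
        dst, dwc, _ = _addr(rest)
        acls.setdefault(num, []).append((action, src, swc, dst, dwc))
    return acls

def evaluate(entries, src, dst):
    """Return 'permit' or 'deny' for a packet, using first-match semantics."""
    for action, s, swc, d, dwc in entries:
        if wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc):
            return action
    return "deny"  # every IOS ACL ends with an implicit deny

ACL_CONFIG = """
access-list 101 deny ip 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 permit ip 10.138.56.79 0.0.0.255 any
access-list 102 deny ip 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
access-list 102 permit ip 10.138.58.161 0.0.0.15 any
""".strip().splitlines()

ACLS = parse_acl(ACL_CONFIG)
```

Note that a VLAN3 host outside the /28 (for example 10.138.58.180, a constructed address) matches neither line of ACL 102 and is dropped by the implicit deny, which is what you want on an inbound filter but is worth checking with show ip access-lists when a host "mysteriously" loses connectivity.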