Question : cisco 3550 acl problem
I separated my network into 3 main VLAN subnets named vlan2, vlan109 and vlan111, and need to set an access list policy between them. The policy is: (1) vlan 111 cannot be visited by other vlans except vlan2; (2) vlan 2 cannot be visited by other vlans, but it can visit other vlans; (3) vlan 109 can be visited by any other vlans.
How can I arrange the ACL table to meet the requirement? Waiting online for any experts' reply, and thanks a lot!
Answer : cisco 3550 acl problem
(1) only permit vlan 2 into vlan 111
access-list 102 permit
interface vlan 111
 ip access-group 102 in
!
For (2) that's more difficult. If you want to access other vlans, the responses need to be allowed back.
!
access-list 103 permit tcp any established
!
interface vlan 2
 ip access-group 103 in
!
(3) no action required
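An added example, not part of the original answer: a small Python model of IOS first-match ACL evaluation, run over constructed extended-ACL lines for the three requirements. The 10.0.x.0/24 subnets, the placement of each list outbound on the SVI (traffic routed into that VLAN) and all function names are assumptions; the page gives no addresses.

```python
import ipaddress

# Constructed ACL lines in IOS extended-ACL syntax; subnets are assumptions.
# Each list models an ACL applied outbound on the SVI, i.e. to traffic routed
# into that VLAN. VLAN 109 has no list (requirement 3).
ACLS = {
    "vlan2": ["permit tcp any 10.0.2.0 0.0.0.255 established"],
    "vlan111": [
        "permit ip 10.0.2.0 0.0.0.255 10.0.111.0 0.0.0.255",
        "permit tcp 10.0.109.0 0.0.0.255 10.0.111.0 0.0.0.255 established",
    ],
}

def _take_addr(tok):
    """Consume 'any' or 'address wildcard' from tok; return (addr, wildcard)."""
    if tok[0] == "any":
        del tok[0]
        return 0, 0xFFFFFFFF
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    del tok[:2]
    return addr, wild

def parse(line):
    """Split one ACL line into (action, proto, src, dst, established)."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    src = _take_addr(rest)
    dst = _take_addr(rest)
    return action, proto, src, dst, rest == ["established"]

def _hit(ip, spec):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    addr, wild = spec
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def allowed(dst_vlan, src, dst, proto, flags=()):
    """First-match evaluation; flags are the TCP flags set on the packet."""
    lines = ACLS.get(dst_vlan)
    if lines is None:
        return True                      # no ACL applied to this SVI
    for action, p, s, d, est in map(parse, lines):
        if p not in ("ip", proto) or not (_hit(src, s) and _hit(dst, d)):
            continue
        if est and not ({"ACK", "RST"} & set(flags)):
            continue                     # 'established' needs ACK or RST set
        return action == "permit"
    return False                         # implicit deny ends every ACL
```

`established` is a stateless match on the ACK or RST bit and applies to TCP only, so with these lists UDP and ICMP replies toward VLAN 2 hit the implicit deny.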