
Configuring an ACL on 5406zl

 
New Member


Hello,

 

I am in need of some advice. I need to set up an ACL to limit access from one VLAN to another. Here is the setup:

 

VLAN 10 Clients      11.168.16.0/20
VLAN 20 Printer      11.168.32.0/20
VLAN 30 IP-Phones    11.168.48.0/20
VLAN 40 Guests       11.168.60.0/20

 

I have enabled IP routing on the switch, so currently every VLAN can communicate with every other. However, I will now need to isolate the Guest VLAN.

 

The Goal

 

Allow 11.168.60.0/20 full access within its own subnet

Allow 11.168.60.0/20 full access to ONE IP in another VLAN (DHCP/DNS) for example 11.168.16.3 (from VLAN 10)

Deny all other access (in and out) for VLAN 40

 

Also, it is important that no other VLAN gains access to VLAN 40.

 

I am confused about how to set this up with ACLs. Could somebody be kind enough to show me the code?

Thank you very much.

Honored Contributor

Re: Configuring an ACL on 5406zl

ip access-list extended "Guest_ACL" 
10 permit ip 11.168.60.0 0.0.7.255 11.168.16.3 0.0.0.0
20 deny ip any any

vlan 40 ip access-group Guest_ACL in
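
Added example, not part of the reply above: a small Python model of first-match ACL evaluation with wildcard masks, for checking which source addresses the ACE in the reply actually covers before it is applied to the VLAN. The ACE is written with the `permit` keyword, the sample packets are constructed, and the function names are hypothetical.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~_int(wildcard)
    return (_int(addr) & care) == (_int(base) & care)

def wildcard_range(base, wildcard):
    """First and last address matched (valid for contiguous wildcards)."""
    lo = _int(base) & ~_int(wildcard)
    hi = lo | _int(wildcard)
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(hi))

def parse_ace(line):
    """Parse '<seq> <permit|deny> ip <src> <dst>'; src/dst is 'any' or 'addr wildcard'."""
    tokens = line.split()
    action, rest = tokens[1], tokens[3:]
    specs = []
    for _ in range(2):
        if rest[0] == "any":
            specs.append(("0.0.0.0", "255.255.255.255"))
            rest = rest[1:]
        else:
            specs.append((rest[0], rest[1]))
            rest = rest[2:]
    return action, specs[0], specs[1]

def evaluate(acl, src, dst):
    """Return the action of the first matching ACE; unmatched traffic is denied."""
    for action, s, d in acl:
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action
    return "deny"  # implicit deny at the end of every ACL

ACL = [parse_ace(l) for l in (
    "10 permit ip 11.168.60.0 0.0.7.255 11.168.16.3 0.0.0.0",
    "20 deny ip any any",
)]

if __name__ == "__main__":
    print("0.0.7.255  covers", wildcard_range("11.168.60.0", "0.0.7.255"))
    print("0.0.15.255 covers", wildcard_range("11.168.60.0", "0.0.15.255"))
    # Constructed sample packets: (source, destination)
    for src, dst in [("11.168.60.25", "11.168.16.3"), ("11.168.60.25", "11.168.32.10"),
                     ("11.168.50.9", "11.168.16.3")]:
        print(f"{src} -> {dst}: {evaluate(ACL, src, dst)}")
```

A /20 prefix corresponds to the wildcard 0.0.15.255, which from 11.168.60.0 spans 11.168.48.0 through 11.168.63.255, the same range as the IP-Phones VLAN listed in the question; the wildcard 0.0.7.255 covers only 11.168.56.0 through 11.168.63.255.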