I have two VLAN. VLAN100 and VLAN200.
VLAN100 should have access to 192.168.20.0/24, 192.168.0.0/24 and block all other 192168.0.0/16 ,172.16.0.0/16 and 10.0.0.0/8 networks and allow Internet access.
VLAN200 should not have access to nothing, only replie to traffic coming from VLAN100.
I am trying to ping from VLAN100 to VLAN200 but with out success.
hostname "HP-2920-48G"
module 1 type j9728a
ip access-list extended "vlan100"
10 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.0.255
100 permit ip 192.168.0.0 0.0.0.255 192.168.20.0 0.0.0.255
300 deny ip 0.0.0.0 255.255.255.255 192.168.0.0 0.0.255.255 log
310 deny ip 0.0.0.0 255.255.255.255 172.16.0.0 0.0.255.255 log
320 deny ip 0.0.0.0 255.255.255.255 10.0.0.0 0.255.255.255 log
400 permit ip 192.168.0.0 0.0.0.255 0.0.0.0 255.255.255.255
exit
ip access-list extended "vlan200"
10 permit ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255
exit
ip default-gateway 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip routing
snmp-server community "public" unrestricted
oobm
ip address dhcp-bootp
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1,20
untagged 2-19,21-48
no ip address
exit
vlan 100
name "VLAN100"
untagged 1
ip access-group "vlan100" vlan-in
ip address 192.168.0.205 255.255.255.0
exit
vlan 200
name "VLAN200"
untagged 20
ip access-group "vlan200" vlan-in
ip address 192.168.20.1 255.255.255.0
exit
no autorun
no dhcp config-file-update
no dhcp image-file-update
password managerWhat is the right solution for my access-list?
