3500 yl basic access list

Romer
Occasional Contributor

I need help configuring my 3500 yl switch to use an access list so that I minimize traffic in each VLAN. I have my switch configured as follows.
Default gateway is 172.16.0.254 (Router IP address)
VLAN 1 (Default VLAN) 172.16.0.0/255.255.255.0
VLAN 1 IP ADDRESS IS 172.16.0.250
VLAN 2 172.16.1.0/255.255.255.0
VLAN 2 IP ADDRESS IS 172.16.1.250
VLAN 3 172.16.2.0/255.255.255.0
I have RIP enabled on the switch and VLAN 2 has an uplink to VLAN 1.
I need VLAN 2 to be able to access internet only and nothing more. VLAN 3 has no IP address and is to be isolated and has an uplink to a different gateway.
1 REPLY
Mohieddin Kharnoub
Honored Contributor

Re: 3500 yl basic access list

Hi

First of all, make sure you have RIP enabled on your router 172.16.0.254 so it learns all the networks you have on this switch.

Second thing, I assume that you probably need one ACL to deny Vlan2 accessing Vlan1 that can access everything else.
If this is the case then you can try this:

SW(config)#ip access-list extended VLAN1
SW(config-ext-nacl)#deny ip 172.16.1.0 0.0.0.255 any
SW(config-ext-nacl)#permit ip any any
SW(config-ext-nacl)#exit
SW(config)#vlan 1 ip access-group VLAN1 out

In case you need more restrictions on Vlan3 or Vlan2, you need then to edit that ACL or add a new one for the other Vlans.

Check this link for more information:
ftp://ftp.hp.com/pub/networking/software/3500-5400-6200-ASG-0207-K.12.XX-10-ACLs.pdf


Good Luck !!!
Science for Everyone
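
Added example (not part of either post above): a small Python model of first-match extended ACL evaluation with wildcard masks and the implicit deny, run over the ACL entries from the reply and over a hypothetical variant. The flows, the `CANDIDATE_ACL` entries and all function names are constructed for illustration; the code models match logic only, not which VLAN or direction the ACL is bound to.

```python
from ipaddress import IPv4Address

def _spec(tokens):  # consume one address spec: 'any', 'host A' or 'A WILDCARD'
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]  # every wildcard bit set
    if tokens[0] == "host":
        return (int(IPv4Address(tokens[1])), 0), tokens[2:]
    return (int(IPv4Address(tokens[0])), int(IPv4Address(tokens[1]))), tokens[2:]

def parse_ace(line):
    """Parse '<permit|deny> ip <src-spec> <dst-spec>' (the only form used here)."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    try:
        src, rest = _spec(tokens[2:])
        dst, rest = _spec(rest)
    except IndexError:
        raise ValueError(f"incomplete ACE: {line!r}") from None
    if rest:
        raise ValueError(f"trailing tokens in ACE: {line!r}")
    return tokens[0], src, dst

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, src, dst):
    for action, s, d in map(parse_ace, acl):
        if _hit(src, s) and _hit(dst, d):
            return action  # first matching entry decides
    return "deny"  # implicit deny: no entry matched

# ACL entries from the reply above.
REPLY_ACL = ["deny ip 172.16.1.0 0.0.0.255 any", "permit ip any any"]
# Hypothetical variant (not from the thread): deny VLAN 2 only toward local subnets.
CANDIDATE_ACL = ["deny ip 172.16.1.0 0.0.0.255 172.16.0.0 0.0.0.255",
                 "deny ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255",
                 "permit ip 172.16.1.0 0.0.0.255 any"]
# Constructed flows (source, destination); 203.0.113.5 stands for an internet host.
FLOWS = [("172.16.1.10", "172.16.0.20"), ("172.16.1.10", "172.16.2.20"),
         ("172.16.1.10", "203.0.113.5"), ("172.16.0.20", "172.16.0.254")]

def report(acl):
    return [(s, d, evaluate(acl, s, d)) for s, d in FLOWS]

if __name__ == "__main__":
    for name, acl in (("reply", REPLY_ACL), ("candidate", CANDIDATE_ACL)):
        print(name, report(acl))
```

With these flows, the reply's entries deny every packet sourced from 172.16.1.0/24 whatever its destination, while the variant lets the internet-bound flow through and drops the VLAN 1 host's flow via the implicit deny because no entry matches its source.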