Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN Access lists

SOLVED
Go to solution

VLAN Access lists

Hi,

I am trying to apply an access list to a VLAN on a 5308 procurve switch in order to permit access to only 1 host in the VLAN. But when I apply the ACL IN on the VLAN, it blocks all traffic to all hosts. I can't see why this happens, have attached running config

Any ideas ?

thanks,

Tony
3 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: VLAN Access lists

Hi Tony,

I think you might have your ACL back to front. ACL's aren't my favourite but I'll give it a shot..

At the moment you have:
ip access-list extended "101"
permit ip any 10.12.0.106 0.0.0.0

Which means that any client on VLAN2 (10.12.0.0/16) can get access to 10.12.0.106 - which is on the same subnet so is actually unnecessary. At the end of any ACL there is an implicet deny any which explains why the other hosts can't get any access.

What I think you want is:
ip access-list extended "101"
permit ip 10.12.0.106 0.0.0.0 any

That will allow 10.12.0.106 to get access through the ACL to any other IP address.

You may not need an extended ACL either,
"ip access-list 1 permit host 10.12.0.106" should achieve the same thing.

Matt





Matt Hobbs
Honored Contributor

Re: VLAN Access lists

Maybe I read that wrong.

If you want a host in a different VLAN to be able to access 10.12.0.106, then you would use your original ACL and set it OUT instead of IN on VLAN 2.

Re: VLAN Access lists

Thanks Matt,

That sorted my problem.

Tony.