Wired Intelligent Edge

 View Only

  • 1.  VLAN ACCESS-LIST 2930

    Posted Jun 05, 2020 05:02 AM

    Hi,

     

    Actually i wanted to configure access list between 2 vlans. 

     

    vlan 5
    name "VLAN5"
    untagged 1
    ip address 10.0.0.8 255.255.255.0
    vlan 10
    name "VLAN10"
    untagged 2
    ip address 172.16.5.252 255.255.254.0

     

    I want ip 10.0.0.2 to be able to communicate with 172.16.5.251.

     

    How can i achieve this ?



  • 2.  RE: VLAN ACCESS-LIST 2930

    Posted Jun 05, 2020 08:49 AM

    Do you want to configure an access list (i.e to block traffic) or enable routing (ip routing) between VLANs? 



  • 3.  RE: VLAN ACCESS-LIST 2930

    Posted Jun 06, 2020 04:31 AM

    Infact I had an ACL in cisco, i have to put same on Aruba.

     

    Below is the cisco output:

    ip access-list extended ACCESS
    permit ip host 172.16.4.224 10.0.0.0 0.0.0.255
    deny ip host 172.16.4.158 192.168.90.100 0.0.0.2
    deny ip 172.16.4.0 0.0.1.255 host 10.0.0.7
    permit ip 172.16.4.0 0.0.1.255 any

     

    interface vlan 10

    ip address 172.16.5.252 255.255.254.0

    ip access-group ACCESS in

     



  • 4.  RE: VLAN ACCESS-LIST 2930

    Posted Jun 08, 2020 08:22 AM

    It worked with my below commands.

    # ip routing

    # ip access-list extended ACCESS

    permit ip 172.16.4.224 0.0.0.0 10.0.0.0 0.0.0.255

    deny ip host 172.16.4.158 host 192.168.90.100

    deny ip 172.16.4.0 0.0.1.255 host 10.0.0.7

    permit ip 172.16.4.0 0.0.1.255 any

    # vlan id_num

    ip access-group ACCESS in



Related Content