Velocity Reviews - Computer Hardware Reviews


Cisco 871 VLANs / ACLs

Vincent
      02-17-2011
Hello all. I'm rather a novice to Cisco ACLs, so forgive me if I
word this question poorly.

Anyhow, I am using a Cisco 871 with Advanced IP Services as my home
router and have set up two VLANs. Vlan1 is used for 2 desktop
computers and Vlan2 is used to host the myriad wireless devices
throughout. I want to create an ACL that permits ALL traffic
(including return traffic) to transit between Vlan1 and Vlan2 if that
traffic originates in Vlan1. I want NO traffic (except for return
traffic) to transit between Vlan2 and Vlan1. Is there an easy way to
accomplish this?

My Vlan1 and Vlan2 definitions and current (rather simple) ACL are as
follows:

interface Vlan1
description internal LAN
ip address 192.168.200.1 255.255.255.0
ip access-group LANIn in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip multicast boundary 30
ip nat inside
ip virtual-reassembly
!
interface Vlan2
description internal LAN
ip address 192.168.100.1 255.255.255.0
ip access-group LANIn in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
ip flow ingress
ip multicast boundary 30
ip nat inside
ip virtual-reassembly

ip access-list extended LANIn
deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
permit ip 192.168.100.0 0.0.0.255 any
permit ip 192.168.200.0 0.0.0.255 any
deny ip any any log-input


Thank you for your assistance!

Vincent
Doug McIntyre
      02-17-2011
Vincent <(E-Mail Removed)> writes:
>Hello all. I'm rather a novice to Cisco ACLs, so forgive me if I
>word this question poorly.

>Anyhow, I am using a Cisco 871 with Advanced IP Services as my home
>router and have set up two VLANs. Vlan1 is used for 2 desktop
>computers and Vlan2 is used to host the myriad wireless devices
>throughout. I want to create an ACL that permits ALL traffic
>(including return traffic) to transit between Vlan1 and Vlan2 if that
>traffic originates in Vlan1. I want NO traffic (except for return
>traffic) to transit between Vlan2 and Vlan1. Is there an easy way to
>accomplish this?


ACLs don't have state. They can't track sessions to say this traffic
originated here, and to let it back through. You only get a clear-cut
"does this packet match this rule?" Yes, let it through. No, block it.
The only notion of anything above packet level is that it can see if the
TCP Established flag is set or not.

It sounds like you really want to be using more advanced features,
such as CBAC or the Zone-Based Firewall options of the Cisco router.
You'll have to read up a lot on either of those to get started.

The Cisco is really like a big toolbox full of many different tools
and stuff you can use to build what you want to do. It's not always
obvious which tool you should pull out of the toolbox.

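The following is an added example, not posted by either participant, of the Zone-Based Firewall approach the reply points at, applied to the two VLANs from the question. It assumes an IOS 12.4(6)T or later Advanced IP Services image (ZBF did not exist before that) and assumes FastEthernet4 is the 871's Internet-facing port; the zone, class-map and policy-map names are chosen here and are not from the original post. The stateless alternative, the `established` keyword, only matches TCP segments with ACK or RST set, so it says nothing about UDP or ICMP and can be satisfied by any crafted packet; the zone policy below tracks real sessions instead.

```cisco
! Zone-Based Firewall: stateful one-way policy between Vlan1 (wired) and Vlan2 (wireless).
! Assumptions (not from the thread): IOS 12.4(6)T or later with the Advanced IP Services
! feature set, and FastEthernet4 as the Internet-facing port of the 871.
!
! Step 1: remove the stateless inter-VLAN deny from the existing LANIn ACL. An inbound ACL
! is evaluated before the zone policy, so this line would drop the wireless -> wired return
! packets that the firewall is about to allow.
ip access-list extended LANIn
 no deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255
!
! Step 2: zones. Traffic between members of different zones is dropped unless a zone-pair
! with a policy exists for that direction. Traffic to the router itself (the "self" zone)
! stays allowed by default, so DHCP/DNS served by the router keep working.
zone security WIRED
 description desktops on Vlan1
zone security WIRELESS
 description wireless clients on Vlan2
zone security OUTSIDE
 description Internet
!
! Step 3: what to inspect. Stateful inspection of tcp/udp/icmp creates a session entry
! when a flow starts; only packets matching that entry are allowed back the other way.
class-map type inspect match-any INSPECT-ALL
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect STATEFUL-PERMIT
 class type inspect INSPECT-ALL
  inspect
 class class-default
  drop log
!
! Step 4: allowed directions. There is deliberately no WIRELESS -> WIRED zone-pair:
! a wireless client can only reach the desktops inside a session a desktop opened.
zone-pair security WIRED-TO-WIRELESS source WIRED destination WIRELESS
 service-policy type inspect STATEFUL-PERMIT
zone-pair security WIRED-TO-OUTSIDE source WIRED destination OUTSIDE
 service-policy type inspect STATEFUL-PERMIT
zone-pair security WIRELESS-TO-OUTSIDE source WIRELESS destination OUTSIDE
 service-policy type inspect STATEFUL-PERMIT
!
! Step 5: put the interfaces in their zones. Do this last: an interface is policed the
! moment it joins a zone, and a zone member with no zone-pair to the WAN loses Internet.
interface Vlan1
 zone-member security WIRED
interface Vlan2
 zone-member security WIRELESS
interface FastEthernet4
 zone-member security OUTSIDE
```

To check the result, open a connection from a desktop to a wireless device and look at `show policy-map type inspect zone-pair sessions`; the flow should appear under WIRED-TO-WIRELESS and its replies pass without any WIRELESS-to-WIRED rule. A connection attempted from a wireless device toward 192.168.200.0/24 has no zone-pair and is dropped, which you can confirm with `show zone-pair security` (no such pair listed) and the drop counters in `show policy-map type inspect zone-pair`. The existing `ip access-group LANIn in` lines can stay on both interfaces, since after step 1 LANIn still only anti-spoofs the source ranges.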