 

Allow a server to access a printer in a different VLAN

 

Q: We have 3 VLANs in our Cisco 3750G switch. VLAN 1 10.0.0.0/16 for the domain network, VLAN 2 10.2.0.0/24 for students and VLAN 3 10.3.0.0/24 for the public. We have one printer, 10.3.0.206, in VLAN 3 and want to allow the student server 10.2.0.253 in VLAN 2 to access the printer. How can we configure the access list?

Here is the current configuration.

 

 

ip access-list extended INet_Only
permit icmp any any
permit tcp any any established log
permit tcp any host 10.20.20.220 eq www
permit tcp any host 10.20.20.220 eq 443
permit tcp any host 10.20.20.215 eq 443
permit tcp any host 10.20.20.215 eq www
permit tcp any host 10.20.20.216 eq www
permit tcp any host 10.20.20.216 eq 443
deny ip any 10.0.0.0 0.0.255.255
permit tcp any any eq domain
permit udp any any eq domain
permit udp any eq domain any
permit udp host 10.2.0.253 any eq bootpc
permit udp host 10.2.0.253 any eq bootps
permit udp any host 10.2.0.251 eq domain
permit ip any host 10.2.0.253
permit tcp any host 10.0.5.220 eq www
permit tcp any host 10.0.5.220 eq 443
deny ip any 10.0.0.0 0.255.255.255
permit ip any any

ip access-list extended publicaccess
permit icmp any any
permit ip host 10.3.0.206 host 10.2.0.253
permit tcp any any established log
deny ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
deny ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
permit ip any any
ip access-list extended studentaccess
permit ip host 10.2.0.253 host 10.3.0.206
permit icmp any any
permit tcp any any established log
deny ip 10.2.0.0 0.0.0.255 10.0.0.0 0.0.255.255
permit ip any any

A: Add two permit entries to INet_Only:

ip access-list extended INet_Only
1 permit ip host 10.3.0.206 host 10.2.0.253
2 permit ip host 10.2.0.253 host 10.3.0.206

Now, the modified configuration is:

ip access-list extended INet_Only
permit ip host 10.3.0.206 host 10.2.0.253
permit ip host 10.2.0.253 host 10.3.0.206

permit icmp any any
permit tcp any any established log
permit tcp any host 10.20.20.220 eq www
permit tcp any host 10.20.20.220 eq 443
permit tcp any host 10.20.20.215 eq 443
permit tcp any host 10.20.20.215 eq www
permit tcp any host 10.20.20.216 eq www
permit tcp any host 10.20.20.216 eq 443
deny ip any 10.0.0.0 0.0.255.255
permit tcp any any eq domain
permit udp any any eq domain
permit udp any eq domain any
permit udp host 10.2.0.253 any eq bootpc
permit udp host 10.2.0.253 any eq bootps
permit udp any host 10.2.0.251 eq domain
permit ip any host 10.2.0.253
permit tcp any host 10.0.5.220 eq www
permit tcp any host 10.0.5.220 eq 443
deny ip any 10.0.0.0 0.255.255.255
permit ip any any
ip access-list extended publicaccess
permit icmp any any
permit ip host 10.3.0.206 host 10.2.0.253
permit tcp any any established log
deny ip 10.3.0.0 0.0.0.255 10.1.0.0 0.0.0.255
deny ip 10.3.0.0 0.0.0.255 10.2.0.0 0.0.0.255
permit ip any any
ip access-list extended studentaccess
permit ip host 10.2.0.253 host 10.3.0.206
permit icmp any any
permit tcp any any established log
deny ip 10.2.0.0 0.0.0.255 10.0.0.0 0.0.255.255
permit ip any any
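Why the two entries have to go in with sequence numbers 1 and 2 rather than at the end of the list, as an added example (not part of the original answer): a small first-match evaluator run over the INet_Only entries from the page, before and after the change. It assumes INet_Only is the list that filters traffic between the two hosts; the names `parse` and `first_match`, the TCP destination port 9100 and the source port 49152 are constructed for the illustration.

```python
import re, ipaddress

NAMES = {"www": "80", "domain": "53", "bootps": "67", "bootpc": "68"}  # IOS port keywords
# INet_Only entries copied from the page in order, packed two per line with ';'.
ORIGINAL = """permit icmp any any; permit tcp any any established log
permit tcp any host 10.20.20.220 eq www; permit tcp any host 10.20.20.220 eq 443
permit tcp any host 10.20.20.215 eq 443; permit tcp any host 10.20.20.215 eq www
permit tcp any host 10.20.20.216 eq www; permit tcp any host 10.20.20.216 eq 443
deny ip any 10.0.0.0 0.0.255.255; permit tcp any any eq domain
permit udp any any eq domain; permit udp any eq domain any
permit udp host 10.2.0.253 any eq bootpc; permit udp host 10.2.0.253 any eq bootps
permit udp any host 10.2.0.251 eq domain; permit ip any host 10.2.0.253
permit tcp any host 10.0.5.220 eq www; permit tcp any host 10.0.5.220 eq 443
deny ip any 10.0.0.0 0.255.255.255; permit ip any any"""
# Sequence numbers 1 and 2 sort ahead of the existing entries, so model them as a prefix.
FIXED = ("1 permit ip host 10.3.0.206 host 10.2.0.253; "
         "2 permit ip host 10.2.0.253 host 10.3.0.206; " + ORIGINAL)
ADDR = r"(any|host \S+|\S+ \S+)"
RULE = re.compile(rf"(?:\d+ )?(permit|deny) (\w+) {ADDR}(?: eq (\S+))?"
                  rf" {ADDR}(?: eq (\S+))?( established)?")

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(s):  # 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard)
    if s == "any":
        return 0, 0xFFFFFFFF
    a, b = s.split()
    return (_ip(b), 0) if a == "host" else (_ip(a), _ip(b))

def parse(acl):
    rules = []
    for line in acl.replace("\n", ";").split(";"):
        action, proto, src, sp, dst, dp, est = RULE.match(line.strip()).groups()
        rules.append((action, proto, _spec(src), NAMES.get(sp, sp),
                      _spec(dst), NAMES.get(dp, dp), bool(est), line.strip()))
    return rules

def first_match(rules, proto, src, dst, sport="49152", dport="9100", established=False):
    # The first matching entry decides; nothing after it is consulted.
    for action, rproto, s, sp, d, dp, est, text in rules:
        if (rproto in ("ip", proto) and (established or not est)
                and (_ip(src) | s[1]) == (s[0] | s[1])
                and (_ip(dst) | d[1]) == (d[0] | d[1])
                and sp in (None, sport) and dp in (None, dport)):
            return action, text
    return "deny", "(implicit deny)"
```

In this model a new connection from 10.2.0.253 to 10.3.0.206 falls through to `deny ip any 10.0.0.0 0.255.255.255` in the original list and is caught by entry 2 in the modified one. Any other VLAN 2 address is still stopped by that same deny.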

 


 

 

  This web is provided "AS IS" with no warranties.
Copyright © 2002-2007 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.