Hi, I'm wonder about ACL.
I want to make 2 ACL.
First
1. Guest vlan can access only Internet.(to 192.168.2.2 = Firewall IP)
2. Then Guest vlan cannot access any other vlans.
3. Any other vlans cannot access Guest vlan.
Second
1. Server vlan can accessed by only Employee vlan.
2. Any other vlans cannot access the Server vlan.
Is it right? Please cheak my ACL Example...^^
====IP info=====
V1(Device) 192.168.0.1/24
V2(Employee) 192.168.10.1/24
V3(Server) 192.168.100.1/24
V4(Guest) 172.16.0.1/16
V5(FM) 192.168.1.1/24
V6(Serial) 192.168.2.1/24
====ACL1=====
ip access-list extended Vlan4
permit ip 172.16.0.1 0.0.255.255 192.168.2.1 0.0.0.255 log
deny ip 172.16.0.1 0.0.255.255 192.168.0.1 0.0.255.255 log
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 4
ip access-group vlan4 out
====ACL2=====
ip access-list extended Vlan3
permit ip 192.168.10.1 0.0.0.255 192.168.100.1 0.0.0.255 log
deny ip 192.168.0.1 0.0.255.255 192.168.100.1 0.0.0.255 log
deny ip 172.16.0.1 0.0.255.255 192.168.100.1 0.0.0.255 log(=don't need? Because ACL1 included?)
permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
vlan 3
ip access-group vlan3 in