Dear,
I have a question about setting up an ACL on 5412zl with VRRP core switches.
Requirement:
Block all Windows clients from Vlan60 from accessing host 192.168.50.126 (which is connected to Core1 port c19)
Configuration :
Core1 (default gateway 10.20.0.1 255.255.255.255)
Default Vlan 1 - 10.0.0.254
Vlan 50 - Ip add 192.168.50.254
Vlan 60 - Ip add 192.168.60.254
Vlan 70 - Ip add 192.168.70.254
Core2 (default gateway 10.20.0.1 255.255.255.255)
Default Vlan 1 - 10.0.0.253
Vlan 50 - Ip add 192.168.50.253
Vlan 60 - Ip add 192.168.60.253
Vlan 70 - Ip add 192.168.70.253
Test / Result :
1.) Create a standard ACL "Deny-60"
ip access-list standard "Deny-60"
10 deny 192.168.60.0 0.0.0.255
exit
Assigned to interface C19
Result: this causes all incoming packets (all VLANs) to the destination port to be denied.
Result: after adding line 20, it returns to normal and allows all incoming packets (all VLANs) to the destination port.
2.) Create an extended ACL "Deny-V60"
ip access-list extended "Deny-V60"
10 deny ip 192.168.60.0 0.0.0.255 192.168.50.126 0.0.0.0
exit
Assigned to Vlan 50 (Vlan 50 ip access-group Deny-V60 in)
Result: this causes all incoming packets (all VLANs) to all hosts under Vlan 50 to be denied.
Result: after adding line 20, it returns to normal and allows all incoming packets (all VLANs) to all hosts under Vlan 50.
Assigned to Vlan 60 (Vlan 60 ip access-group Deny-V60 out)
Result: this causes all in/out packets from the Vlan 60 segment to any host to be denied.
Result: after adding line 20, it returns to normal and allows all in/out packets from Vlan 60.
We have no idea how to set up the ACL any more!!!
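
An added example, not part of the original post: a small Python model of first-match ACL evaluation with the implicit deny that ends every ACL on these switches, run against the posted "Deny-V60" entry. The sample client addresses and the content of "line 20" (taken here to be a permit-any entry) are assumptions, and the model does not cover which interface or direction the ACL is applied to.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # wildcard of all ones matches any address

def evaluate(acl, src, dst):
    """First matching entry decides; no match falls through to the implicit deny."""
    for seq, action, (s_base, s_wild), (d_base, d_wild) in sorted(acl):
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action, seq
    return "deny", "implicit"

# "Deny-V60" exactly as posted: a single deny entry.
DENY_V60 = [(10, "deny", ("192.168.60.0", "0.0.0.255"), ("192.168.50.126", "0.0.0.0"))]
# Assumption: the "line 20" mentioned in the post is a permit-everything entry.
DENY_V60_WITH_20 = DENY_V60 + [(20, "permit", ANY, ANY)]

# Constructed sample flows (client addresses are made up for this example).
FLOWS = [
    ("192.168.60.25", "192.168.50.126"),  # VLAN 60 client -> protected host
    ("192.168.60.25", "192.168.50.10"),   # VLAN 60 client -> other VLAN 50 host
    ("192.168.70.25", "192.168.50.126"),  # VLAN 70 client -> protected host
    ("192.168.50.126", "192.168.60.25"),  # protected host -> VLAN 60 client
]

def report(acl):
    """Return (src, dst, action, deciding entry) for every sample flow."""
    return [(src, dst) + evaluate(acl, src, dst) for src, dst in FLOWS]

if __name__ == "__main__":
    for name, acl in (("line 10 only", DENY_V60), ("lines 10 + 20", DENY_V60_WITH_20)):
        print(name)
        for src, dst, action, seq in report(acl):
            print(f"  {src:>15} -> {dst:<15} {action:6} (entry {seq})")
```

With line 10 alone, every flow that does not match it is dropped by the implicit deny; with the assumed line 20 present, only VLAN 60 to 192.168.50.126 is denied.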