Posted by bod43 on July 11, 2009, 11:37 pm
> cisco 2651XM router
> IOS: c2600-adventerprisek9-mz.124-15.T8.bin
> I have a vlan1 on 172.16.0.x and a vlan192 on 192.168.0.x. Both vlans are
> routed through Dialer0 so they can surf the internet. At the moment both
> these vlans can ping each other. I want to isolate vlan1 and vlan192 from
> each other so neither network can ping the other but I still want them both
> to access the internet. How can I do this? Here is a small section of my
> current config. Thanks for any advice.
> interface Vlan1
>  ip address 172.16.1.30 255.255.0.0
>  ip nat inside
>  ip virtual-reassembly
> !
> interface Vlan192
>  ip address 192.168.0.10 255.255.255.0
>  ip nat inside
>  ip virtual-reassembly
> !
> interface Dialer0
>  ip nat outside
> ip nat inside source list 1 interface Dialer0 overload
> ip nat inside source list 2 interface Dialer0 overload
> !
> access-list 1 permit 172.16.0.0 0.0.255.255
> access-list 2 permit 192.0.0.0 0.255.255.255
> dialer-list 1 protocol ip permit
Just a nit-pick, your 172 VLAN is 172.16.x.x.
"I have a vlan1 on 172.16.0.x and a vlan192 on 192.168.0.x."
conf t
ip access-list e ACL.172.in
 ! extended ACL entries need a protocol keyword (ip)
 deny ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.0.255
 permit ip any any
ip access-l e ACL.192.in
 deny ip 192.168.0.0 0.0.0.255 172.16.0.0 0.0.255.255
 permit ip any any
interface Vlan1
 ip access-group ACL.172.in in
int vl 192
 ip access-group ACL.192.in in
end
! Once you are happy with the changes, save them
copy run start
Your problem description and question were, by the way,
exemplary. Perfectly expressed - in my view.
sh ip access-l ! To see what you actually have.
Good luck.
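
Added example, not part of the original post: a small Python model of the two inbound ACLs above (first match wins, implicit deny at the end) evaluated against constructed sample flows. The host addresses, and 203.0.113.10 standing in for an internet host, are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

ANY = ("0.0.0.0", "255.255.255.255")  # "any" as a base/wildcard pair
NET_172 = ("172.16.0.0", "0.0.255.255")
NET_192 = ("192.168.0.0", "0.0.0.255")

# (action, source, destination); protocol is "ip" on every line, so it is not modelled.
ACL_172_IN = [("deny", NET_172, NET_192), ("permit", ANY, ANY)]
ACL_192_IN = [("deny", NET_192, NET_172), ("permit", ANY, ANY)]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"

# Constructed sample flows: (label, ACL on the ingress interface, source, destination).
FLOWS = [
    ("Vlan1 host -> Vlan192 host", ACL_172_IN, "172.16.5.20", "192.168.0.50"),
    ("Vlan1 host -> internet", ACL_172_IN, "172.16.5.20", "203.0.113.10"),
    ("Vlan192 host -> Vlan1 host", ACL_192_IN, "192.168.0.50", "172.16.5.20"),
    ("Vlan192 host -> own gateway", ACL_192_IN, "192.168.0.50", "192.168.0.10"),
    ("Vlan192 host -> router's Vlan1 address", ACL_192_IN, "192.168.0.50", "172.16.1.30"),
]

def run():
    """Evaluate every sample flow against the ACL on its ingress interface."""
    return {label: evaluate(acl, src, dst) for label, acl, src, dst in FLOWS}

if __name__ == "__main__":
    for label, action in run().items():
        print(f"{action:6} {label}")
```

The last flow shows a side effect of the inbound ACLs: a host can still reach its own gateway address but not the router's address in the other VLAN.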