Access List

Posted: 07 Mar 2012 05:49
by ram
Hi,

I have 4 VLANs, i.e. 210, 220, 230, 240, in my core.
For internet access in my core switch I wrote a default static to the firewall.
I have created VRRP in my core switch for each VLAN.

Servers and some users in 210 vlan
220 vlan is for voice
230 vlan is for xyz
240 vlan is for electric.


I want to block VLAN 240 so that it should not communicate with 210, 220, 230, but my challenge is that the DHCP server is in VLAN 210, so I need to allow VLAN 240 DHCP access for giving IP addresses to VLAN 240 users, and WAN access.

Please tell me what is the command for this access list.

Regards,
Ram.

Re: Access List

Posted: 09 Mar 2012 05:05
by ram
Hi guys,

Please help me on this.

Re: Access List

Posted: 09 Mar 2012 15:51
by one6f
I would suggest that you begin with something easy to set up, using policy network groups and IP rules such as:

policy network group vlan240  10.10.240.0 mask 255.255.255.0 
policy network group vlan210  10.10.210.0 mask 255.255.255.0

policy condition vlan240_vlan210 source network group vlan240 destination network group vlan210
policy condition vlan210_vlan240 source network group vlan210 destination network group vlan240
policy condition vlan240_dhcp source network group vlan240 destination ip 10.10.210.100
policy condition dhcp_vlan240 source ip 10.10.210.100 destination network group vlan240

policy action deny disposition deny
policy action permit

policy rule vlan240_dhcp condition vlan240_dhcp action permit log
policy rule dhcp_vlan240 condition dhcp_vlan240 action permit log
policy rule vlan240_vlan210 condition vlan240_vlan210 action deny log
policy rule vlan210_vlan240 condition vlan210_vlan240 action deny log

qos enable
qos apply
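
Added example, not part of one6f's post and not vendor code: a small Python model that replays the rules above against constructed flows to check them against the stated goal (VLAN 240 isolated from 210, 220 and 230 except for the DHCP server). It assumes rules are evaluated in the order entered with first match winning, that unmatched traffic is accepted by default, and that VLANs 220 and 230 use 10.10.220.0/24 and 10.10.230.0/24 by analogy with the posted addressing.

```python
import ipaddress

# Groups and rules copied from the post, in the order they were entered.
GROUPS = {
    "vlan240": ipaddress.ip_network("10.10.240.0/24"),
    "vlan210": ipaddress.ip_network("10.10.210.0/24"),
    "dhcp": ipaddress.ip_network("10.10.210.100/32"),
}
RULES = [  # (rule name, source group, destination group, action)
    ("vlan240_dhcp", "vlan240", "dhcp", "permit"),
    ("dhcp_vlan240", "dhcp", "vlan240", "permit"),
    ("vlan240_vlan210", "vlan240", "vlan210", "deny"),
    ("vlan210_vlan240", "vlan210", "vlan240", "deny"),
]
# Assumption of this model: traffic matching no rule is accepted.
DEFAULT = ("<no rule>", "permit")


def evaluate(src, dst):
    """Return (rule_name, action) for the first rule matching src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_group, dst_group, action in RULES:
        if s in GROUPS[src_group] and d in GROUPS[dst_group]:
            return name, action
    return DEFAULT


# Constructed test flows; host addresses are made up for illustration.
FLOWS = [
    ("10.10.240.25", "10.10.210.100"),  # VLAN 240 client -> DHCP server
    ("10.10.210.100", "10.10.240.25"),  # DHCP server -> VLAN 240 client
    ("10.10.240.25", "10.10.210.50"),   # VLAN 240 -> other host in VLAN 210
    ("10.10.210.50", "10.10.240.25"),   # VLAN 210 host -> VLAN 240
    ("10.10.240.25", "10.10.220.10"),   # VLAN 240 -> voice VLAN (assumed subnet)
    ("10.10.240.25", "10.10.230.10"),   # VLAN 240 -> VLAN 230 (assumed subnet)
    ("10.10.240.25", "203.0.113.10"),   # VLAN 240 -> WAN (documentation address)
]


def report():
    """Map each constructed flow to the rule and action that decides it."""
    return {flow: evaluate(*flow) for flow in FLOWS}


if __name__ == "__main__":
    for (src, dst), (rule, action) in report().items():
        print(f"{src:>15} -> {dst:<15} {action:<6} ({rule})")
```

In this model the flows from VLAN 240 to the 220 and 230 subnets match no rule, so the original requirement needs further groups, conditions and deny rules for those VLANs. The conditions match on addresses only, so the two permit rules cover all traffic to and from 10.10.210.100, not just DHCP.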

Re: Access List

Posted: 12 Mar 2012 01:07
by ram
Hi one6f,

Thanks a lot for sharing the commands for the access list. You mentioned this IP address 10.10.210.100; I think you mentioned this IP address for my DHCP server, am I right?

regards,
Ram

Re: Access List

Posted: 12 Mar 2012 02:03
by one6f
Yes, it is just one example.

Re: Access List

Posted: 06 Oct 2024 14:06
by sokocul_123
Bro, why can I still ping the VLAN interface? I did configure it like that. I will test in detail tomorrow, endpoint to endpoint.