Hi all,
I've a core stack with two 8132. 3 ToR 7048 are attached upon lacp on the core.
3 vlans are defined:
VLAN 2: DMZ (10.20.0.0/24)
VLAN 3: Office (10.30.0.0/24)
VLAN 100: Management (10.100.0.0/24)
The Management VLAN contains the 4 ips for each members of the network.
All the routing is done by the core (i.e, VLAN 2 and 3 on the 7048 haven't ip). This is working perfectly.
Vlan 2 must be open for vlan 3
vlan 3 must be closed for vlan 2
Vlan 2 and 3 must be open for vlan 100
Vlan 100 must deny all external access.
What are the ACL to apply?
I've tried several things but I don't able to have the needed. In others words, I just want access vlan 2 from vlan 100 but I don't want that vlan 2 access to vlan 100.
Here the last try:
#access-list test-vl20 permit ip 10.30.0.0 0.0.0 255 10.20.0.0 0.0.0.255
#access-list test-vl20 permit ip 10.100.0.0 0.0.0.255 10.20.0.0 0.0.0.255
#int vlan20
#ip access-group test-vl20
#access-list test-vl30 permit ip 10.100.0.0 0.0.0.255 10.30.0.0 0.0.0.255
#int vlan30
#ip access-group test-vl30
#access-list test-vl100 deny any 10.100.0.0 0.0.0.255
#int vlan100
#ip access-group test-vl100
What's wrong?
Many thanks for the help.
Vincent