I have a multi VLAN network and i want to create a ACL to separate traffic, permit and deny the access of each vlans, and create a limited access.

 

The basic lan network.

 

name	vlan	subnet
lan	1	192.168.0.1/24	with services like web hosting
vlan10	10	192.168.10.1/24
vlan20	20	192.168.20.1/24

 

 

My goal.

1. Give LAN (1) access to all

2. Deny VLAN10 and 20 to each other.

3. Give VLAN10 and 20 access to web hosting (i created a group for ip and port)

 

 

Here is what i did.

 

deny vlan access

-> created acl to deny access from vlan10 to 20 and 1, vlan20 to 10 and 1. - working

 

lan (1) have a web hosting and other services for all vlan.

-> created a acl to allow access on specific ip with their port - working.

 

but then lan lost access to vlan10 and vlan20

-> created a acl to allow lan access on vlan10 and vlan 20.

 

set up the ACL in switch.

 

Did i missed something or this can not work?

 

Thanks!