Cisco Learning Home > Certifications > Routing & Switching (CCNA) > Discussions

6061 Views 40 Replies Latest reply: Feb 26, 2009 4:50 AM by greylegface

Beginner help please

Feb 20, 2009 9:20 AM

greylegface 21 posts since
Feb 20, 2009

 

Hi,

I don't know if this is the right place to ask this, but I'm completely stuck and would appreciate some help please.

I've set up a 2600 router with a 1900 switch on the left with host A, host B and host C connected; on the other side I have two 2950 switches, the first with host D and host E connected and the second with host F and G connected. I have set up the IPs etc. so they can ping, and I've set up VLANs over the two 2950 switches so that hosts D&F are in VLAN2 and E&G are in VLAN3.

What I want to be able to do is deny host A from accessing VLAN2. I think this has something to do with access lists, and I can create one to deny host A from the right side by creating an access list on the router, but I don't know how to stop it accessing VLAN2. Can I create an access list on the switch?

Any help would be much appreciated, thanks in advance.

 

 

  • Chris 811 posts since
    Jul 25, 2008
    1. Feb 20, 2009 10:01 AM (in response to greylegface)
    Re: Beginner help please

    Hi Grey,

    You seem to have a clear understanding of what you have to do. If you set up an extended access list on your router you can deny host A access to the VLAN 2 subnet address.

    Not clear on what your intentions are with the second half of your question?

     

     

  • Chris 811 posts since
    Jul 25, 2008
    4. Feb 20, 2009 10:53 AM (in response to greylegface)
    Re: Beginner help please

    Hi Grey,

    Where are your wildcard masks in your access list?

    Are you using a Default SNM or VLSM? Will change your wildcard mask statements

     

     

     

     

     

  • Armen 247 posts since
    Jul 7, 2008
    5. Feb 20, 2009 10:54 AM (in response to greylegface)
    Re: Beginner help please

    Hi Grey,

    I think the syntax is the following:

    access-list 101 deny ip host (ip add of host A) (subnet number of Vlan2) (wild card of vlan2)

    access-list 101 permit ip any any

    Then you must apply the below syntax to interfaces that are connected to switches on both of them:

    ip access-group 101 out
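
An added example, not part of the thread or any poster's code: a small Python model of how an extended ACL like the one above is evaluated, showing how the wildcard mask follows from the subnet mask (the default SNM vs VLSM question) and why the final permit line matters. All addresses and masks are constructed assumptions, since the thread does not give the real ones, and the model covers only `ip` entries.

```python
import ipaddress

def to_int(ip):
    return int(ipaddress.IPv4Address(ip))

def wildcard(netmask):
    """Wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def matches(addr, base, wc):
    """Bits set to 0 in the wildcard must equal the base; 1 bits are ignored."""
    care = ~to_int(wc) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate(acl, src, dst):
    """Top-down, first match wins; no match hits the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if matches(src, s_base, s_wc) and matches(dst, d_base, d_wc):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")   # the "any" keyword

def host(ip):                          # the "host x.x.x.x" keyword
    return (ip, "0.0.0.0")

# Constructed addressing (assumption, not from the thread):
HOST_A, HOST_B = "192.168.1.10", "192.168.1.11"   # left side of the router
VLAN2 = ("192.168.2.0", "255.255.255.192")        # /26 holding hosts D and F
HOST_D = "192.168.2.10"                           # in VLAN2
HOST_E = "192.168.2.70"                           # in VLAN3 (192.168.2.64/26)

def acl_101(dst_mask, final_permit=True):
    """deny ip host A -> VLAN2 subnet, optionally followed by permit ip any any."""
    acl = [("deny", host(HOST_A), (VLAN2[0], wildcard(dst_mask)))]
    if final_permit:
        acl.append(("permit", ANY, ANY))
    return acl

if __name__ == "__main__":
    good = acl_101(VLAN2[1])
    for src, dst in [(HOST_A, HOST_D), (HOST_A, HOST_E), (HOST_B, HOST_D)]:
        print(src, "->", dst, evaluate(good, src, dst))
    # A wildcard derived from a default /24 mask also covers VLAN3:
    print(evaluate(acl_101("255.255.255.0"), HOST_A, HOST_E))
    # Without the final permit, all other traffic is dropped:
    print(evaluate(acl_101(VLAN2[1], final_permit=False), HOST_B, HOST_D))
```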

     

     

  • Armen 247 posts since
    Jul 7, 2008
    8. Feb 20, 2009 11:12 AM (in response to greylegface)
    Re: Beginner help please

    No, I don't know about your topology.

  • Chris 811 posts since
    Jul 25, 2008
    9. Feb 20, 2009 11:14 AM (in response to greylegface)
    Re: Beginner help please

    Hi Grey,

    What Armen wrote is perfect!

    SNM = Subnet Mask

    VLSM = Variable-Length Subnet Mask

    Also it's always helpful to cut/paste appropriate "show" command output as applicable to what you're trying to accomplish.

    Thanks and Cheers.

     

     

  • Chris 811 posts since
    Jul 25, 2008
    10. Feb 20, 2009 11:22 AM (in response to Chris)
    Re: Beginner help please

    Your original post stated that you are intending to block access to VLAN 2 from Host A. A VLAN is synonymous with Subnet/Broadcast Domain.

    HTH

     

     

  • Chris 811 posts since
    Jul 25, 2008
    12. Feb 20, 2009 11:49 AM (in response to greylegface)
    Re: Beginner help please

    Okay, that changes my perspective of your topology completely. Well now, since you have multiple VLANs connected to one "physical" interface on your router, you're going to have to use the Router-On-Stick method to create virtual subinterfaces off of F0/0. After you create your subinterfaces and assign IP addresses to them you'll be able to route between your different subnets/VLANs.

    You seem to have more than a beginner's knowledge of what you're trying to do. Hence, I'm confused as to how you don't understand what an SNM is as you're using different SNM masks for your subnets?

    See you're using Lammle's RouterSim. Is it any good?

     

     
