2024 and this is still so relevant, quick and easy explanation, thank you brother!
Thanks for your nice words! Agreed, most of these concepts are the base of networking!
I'm working on some IoT and smart home scenarios with Packet Tracer as well as FortiGate and Palo Alto firewall labs. What other topics do you like to watch and learn?
@SASiteNet If anything pops up that I struggle with, I'll be sure to let you know. Thank you for your willingness to teach and provide in depth information.
1 million likes if I could give it! This is what I needed for my network. Very good explanation and demo. Thanks my friend!
Great it helps!
finally I found a clear video and a good instructor about VLAN ACLs.. thank you so much for the video
I was searching about controlling traffic between VLANs for a whole month, I really thank you
Thank you! So hard to find any information about applying access lists to VLAN interfaces. This clarified a ton!
+Mark Hunt Welcome Mark, please let me know if you are looking for any specific networking topic; I'll try to create a tutorial for that. :)
thanks i was searching about it for 2 weeks ...thanks
Good to hear the video is helpful. Please bear in mind that other technologies like VRF-Lite or EVN are also used in 6500 and 4500 environments to separate the network traffic.
Thank you ... exactly what I wanted ... simple informative and practical
Glad it was helpful!
Thank you for sharing! How can we make it so that VLAN 100 cannot communicate with VLAN 200, but VLAN 200 can communicate with VLAN 100?
can anyone answer this one????
Thank you, that's exactly what I was looking for.
Great!
Hey, I have a few questions.
1. Why did you assign an IP address to the VLAN interface as x.x.x.0? Isn't the 0 reserved for the network address?
2. Why, when creating the ACL blocking traffic from VLAN 200 to the server VLAN, did you write the subnet mask as 0.0.0.255?
3. After creating the ACL mentioned above, why did you write permit ip any any? Is it a command to let the switch know to apply the ACL for any traffic from the 192.168.200.0 network to the 192.168.0.0 network?
Hi there, thanks for your questions.
There is no x.x.x.0 assignment to the SVI (VLAN interface); the diagram shows the entire network. In the ACL, as I explained, we wanted to block all traffic from VLAN 200, so we used "deny ip 192.168.200.0 0.0.0.255 ..."
The 0.0.0.255 is the opposite of 255.255.255.0 and it's called a "wildcard mask" (instead of a subnet mask).
There is an implicit deny all at the end of each ACL, so we need to permit all other traffic (other than the denied traffic).
For better understanding, I suggest watching the Access List (ACL) video tutorials, where I've explained the structure of the ACLs:
Network#18: Access List - Standard Named ACL: th-cam.com/video/j70vcgCLOJE/w-d-xo.html
Network#19: Access List - Extended ACL: th-cam.com/video/f45ukYQsdtE/w-d-xo.html
I have a query: VLAN 200 is not accessing VLAN 50 by applying the inbound ACL, but VLAN 50 is also not accessing VLAN 200. Is it possible that VLAN 50 can access VLAN 200 while the same ACL is applied?
OK, I got it: in a network we always need a reply from the other side.
thanks
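The wildcard mask, the implicit deny, and the "reply from the other side" point discussed above can be checked with a small first-match ACL evaluator. This is an added example, not code from the video or the channel; the VLAN 50 subnet (192.168.50.0/24) and all host addresses are constructed assumptions.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are 'don't care'."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

ANY = ("0.0.0.0", "255.255.255.255")  # equivalent of the 'any' keyword

# Constructed ACL modelled on the thread; the VLAN 50 subnet is an assumption.
ACL_WITH_PERMIT = [
    ("deny", ("192.168.200.0", "0.0.0.255"), ("192.168.50.0", "0.0.0.255")),
    ("permit", ANY, ANY),
]
ACL_WITHOUT_PERMIT = ACL_WITH_PERMIT[:1]  # same ACL minus 'permit ip any any'

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action
    return "deny"  # implicit deny at the end of every ACL

def ping_succeeds(acl_in_vlan200, requester, responder):
    """A ping needs both the echo request and the echo reply to be forwarded.
    The ACL is applied inbound on the VLAN 200 SVI, so it only filters
    packets sent by hosts inside VLAN 200."""
    def forwarded(src, dst):
        if wildcard_match(src, "192.168.200.0", "0.0.0.255"):
            return evaluate(acl_in_vlan200, src, dst) == "permit"
        return True  # packet enters through a different SVI with no ACL
    return forwarded(requester, responder) and forwarded(responder, requester)

if __name__ == "__main__":
    # VLAN 50 -> VLAN 200: the request passes, the reply hits the deny entry.
    print(ping_succeeds(ACL_WITH_PERMIT, "192.168.50.20", "192.168.200.10"))
    # Without 'permit ip any any', VLAN 200 cannot reach anything at all.
    print(evaluate(ACL_WITHOUT_PERMIT, "192.168.200.10", "10.0.0.5"))
```
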
Hi sir. May I know if it's possible in inter-VLAN with ACL? Let's say the IT department can ping other departments but the other departments can't ping back the IT department. Thanks
Hi, thanks for sharing. I have a doubt: why is the access-group command applied IN on the interface instead of OUT?
I understand that 192.168.200.X is the source and then when going OUT to reach VLAN 50 the ACL applies.
Good question, but keep in mind that IP communications usually happen two-way. You can control your traffic in a way that suits your environment and device support.
Thank you for this video, helped me a lot.
Glad to hear it!
please feel free to share our channel's link with your friends and colleagues!
Thanks a lot for this , very helpful to fix my requirement :)
How to add log to an ACL's deny parameters? How to allow ONLY one device in a VLAN to access another VLAN?
❤🧡💛💚💙💜🤎🤍
Great video - many thanks.
🤍❤🧡💛💚💙💜🤎
Hi, thank you very much for your explanations, they are very clear. I would like to know: how can I permit communication between VLANs but in one direction? For example, so that VLAN SALES can communicate with VLAN IT but VLAN IT cannot communicate with VLAN SALES. Thank you very much again, great job!!!
Hi, that is the same question I was going to ask. By any chance did you find an answer?
Thanks in advance!
Hello, what about if I want to deny the traffic from Sales Network to servers network and permit the traffic from servers network to Sales network?
Hello Ahmed, I am stuck with this same question. Was there any luck in finding the answer???
Helpful and thanks a LOT
Thank you for your video, so informative
Can we block one-side traffic between two VLANs?
Always remember, in a network environment, you need a reply from the other side!
this video rocks
Thanks for your comment
Hello, it's great. But I am able to ping even after applying the access-list. I have made an access-list with deny ip any any but still I am able to ping the destination.
Thanks for the comments.
Please double check all the configuration, make sure you've applied the ACL on the correct interface and follow the tutorial without missing any part.
Let us know what the result is.
exactly what i needed to know, thanks!
Glad to hear it!
Thanks for the nice explanation. Could you please also show that the IT department can access the Sales department but the Sales department should not access the IT department?
Please refer to the answer under HQ video: th-cam.com/video/CAQcPyENCK8/w-d-xo.html&lc=z222sz3wxxrdszl2aacdp434d0vrsduug5r005oym0lw03c010c.1516698419305989
thank you sir
Thanks a lot
you da man
Helpful, thanks
Hello, thanks for sharing knowledge. Do you have WhatsApp? I have an ACL query.