ACL for VLANs

Status
Not open for further replies.

MrAce1985 (Technical User, US), Dec 3, 2011
Hi,
I am looking for someone to help me resolve this. I have 4 VLANs:
VLAN 5:  172.21.0.1 - 172.21.1.254, mask 255.255.254.0, GW = 172.21.0.1
VLAN 10: 172.21.2.1 - 172.21.3.254, mask 255.255.254.0, GW = 172.21.2.1
VLAN 15: 192.168.100.1 - 192.168.100.254, mask 255.255.255.0, GW = 192.168.100.254
VLAN 20: 172.21.4.1 - 172.21.5.254, mask 255.255.254.0, GW = 172.21.4.1
and I have to configure an access list on the router to allow port-specific traffic from VLAN to VLAN for:
1. LDAP (172.21.0.20)
2. Terminal Services (172.21.0.24)
3. DNS/WINS (172.21.0.22)

Can anybody help to create those ACLs?
 
You can use policy maps if you want VLAN IDs to be matched.

However, an extended ACL should work:

(config)#access-list 101 ?

Since I have no idea what is connecting to what I can't really write the list for you, but you can take it from there.
Basically:

permit|deny  protocol  originating-network originating-wildcard-mask  destination-network destination-wildcard-mask  eq port#

Example:

access-list 101 permit tcp 172.21.0.0 0.0.0.255 host 172.21.0.20 eq 23

This allows TCP port 23 from network 172.21.0.0/24 to the host 172.21.0.20.

All ACLs end with an implicit deny-all by default.
Add all your permits to hosts first,
then your denies to hosts,
then permit statements to networks,
then your denies to networks.


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
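As an added example that is not part of the original thread (neither poster's code), the script below turns the VLAN table from the question into an IOS-style extended ACL, renders it, and dry-runs sample packets against it with first-match-wins semantics and the implicit deny. Everything not in the question is an assumption: that the 172.21.0.x servers sit on VLAN 5, the service ports (LDAP 389, RDP 3389, DNS 53, NetBIOS/WINS 137-139), the ACL number, and the `interface VlanN` SVI name (on a router-on-a-stick it would be a subinterface). Two practical points the thread glosses over: the poster's VLANs are /23, so the wildcard mask is 0.0.1.255, not 0.0.0.255; and the final deny also blocks everything else leaving that VLAN (including any default route), so any other required traffic needs its own permit placed above it.

```python
"""Build an IOS-style extended ACL from the VLAN table in the post and dry-run it.
Added example, not from the thread. Server placement and ports are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed from the poster's VLAN table, in network/prefix form.
VLANS = {
    5: ipaddress.ip_network("172.21.0.0/23"),      # assumed: the server VLAN
    10: ipaddress.ip_network("172.21.2.0/23"),
    15: ipaddress.ip_network("192.168.100.0/24"),
    20: ipaddress.ip_network("172.21.4.0/23"),
}

# (server, protocol, port, purpose). Ports are the usual ones; the post gives none.
SERVICES = [
    ("172.21.0.20", "tcp", 389, "LDAP"),
    ("172.21.0.20", "udp", 389, "LDAP"),
    ("172.21.0.24", "tcp", 3389, "Terminal Services (RDP)"),
    ("172.21.0.22", "tcp", 53, "DNS"),
    ("172.21.0.22", "udp", 53, "DNS"),
    ("172.21.0.22", "udp", 137, "WINS / NetBIOS name service"),
    ("172.21.0.22", "udp", 138, "NetBIOS datagram"),
    ("172.21.0.22", "tcp", 139, "NetBIOS session"),
]


def wildcard(netmask: str) -> str:
    """IOS ACL entries take the inverse (wildcard) mask, not the subnet mask:
    255.255.254.0 (the poster's /23 VLANs) becomes 0.0.1.255, not 0.0.0.255."""
    return str(ipaddress.IPv4Network(("0.0.0.0", netmask)).hostmask)


@dataclass(frozen=True)
class Ace:
    """One access control entry."""
    action: str                      # "permit" or "deny"
    proto: str                       # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None means any destination port
    log: bool = False

    @staticmethod
    def _addr(net: ipaddress.IPv4Network) -> str:
        if net.prefixlen == 32:
            return f"host {net.network_address}"
        if net.prefixlen == 0:
            return "any"
        return f"{net.network_address} {net.hostmask}"

    def render(self) -> str:
        text = f"{self.action} {self.proto} {self._addr(self.src)} {self._addr(self.dst)}"
        if self.dport is not None:
            text += f" eq {self.dport}"
        if self.log:
            text += " log"
        return text

    def matches(self, proto: str, src_ip: str, dst_ip: str, dport: int) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.IPv4Address(src_ip) not in self.src:
            return False
        if ipaddress.IPv4Address(dst_ip) not in self.dst:
            return False
        return self.dport is None or self.dport == dport


def build_acl(client_vlan: int) -> List[Ace]:
    """Permit only the listed services from one client VLAN, then deny the rest.
    Host permits go first; the explicit final deny behaves like the implicit one
    but the 'log' keyword shows what is being dropped while you tune the list."""
    src = VLANS[client_vlan]
    aces = [Ace("permit", proto, src, ipaddress.ip_network(f"{host}/32"), port)
            for host, proto, port, _ in SERVICES]
    aces.append(Ace("deny", "ip", src, ipaddress.ip_network("0.0.0.0/0"), log=True))
    return aces


def render_config(client_vlan: int, acl_number: int) -> str:
    """IOS lines for the ACL, applied inbound on the client VLAN's SVI (name assumed)."""
    lines = [f"access-list {acl_number} remark VLAN {client_vlan} to VLAN 5 servers"]
    lines += [f"access-list {acl_number} {ace.render()}" for ace in build_acl(client_vlan)]
    lines += [f"interface Vlan{client_vlan}", f" ip access-group {acl_number} in"]
    return "\n".join(lines)


def evaluate(acl: List[Ace], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace.matches(proto, src_ip, dst_ip, dport):
            return ace.action
    return "deny"


if __name__ == "__main__":
    print(render_config(10, 110))
    acl = build_acl(10)
    print(evaluate(acl, "tcp", "172.21.3.10", "172.21.0.20", 389))   # LDAP from VLAN 10
    print(evaluate(acl, "tcp", "172.21.3.10", "172.21.0.20", 23))    # telnet to the same box
```

Because the list is applied inbound on the client VLAN's interface, only client-to-server traffic is filtered; replies come back in through the server VLAN's interface, which carries no ACL here, so no `established` entry is needed. Repeat `render_config` for VLANs 15 and 20 with their own ACL numbers rather than sharing one list, since the source network differs per VLAN.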
 