Configuring Extended ACL - for 2 machines

roliveira11
Level 1

Hi Cisco Community! I have a silly question.

I'm looking to configure an ACL to allow 10.0.1.43 to ONLY be able to communicate with 10.0.254.52 via any protocol but no other machines or internet. The machines are part of the same broadcast domain but they do reside on different switches. I believe I need to configure the extended ACL at the switch where 10.0.1.43 resides as that is the originating traffic and the machine I'm attempting to isolate to one other machine for communication.

10.0.1.43 is connected to Switch-A on port 1/42. 10.0.254.52 is connected to Switch-B. The gateway for the LAN (10.0.0.1/16) is an inside interface of a SonicWall firewall, but the switches have SVIs for the broadcast domain.

Any assistance with CLI syntax would be greatly appreciated!

TY


Accepted Solutions

balaji.bandi
Hall of Fame

If your switch acts as an L2 switch and all the devices in the /16 subnet are routed to your FW, they are a single broadcast domain; in this case, they contact each other directly.

I believe you should look for a MAC ACL - 10.0.1.43 to 10.0.254.52 - and for the internet you can block on your SonicWall for the IP, not to do translation or deny.

Here is a good example:

https://blog.ine.com/an-introduction-to-mac-access-lists


BB

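The CLI syntax asked for above, as an added example that is not part of the original thread or of the linked article. It assumes Switch-A is a Catalyst IOS switch on which a MAC ACL applied to a Layer 2 port matches only non-IP frames, so the IP restriction is done with an IP port ACL and the MAC ACL covers the rest; the interface name and the MAC address are placeholders, since the thread gives only "port 1/42".

```cisco
! Constructed example for Switch-A. Placeholders (not from the thread):
!   GigabitEthernet1/42  = the interface behind "port 1/42"
!   aaaa.aaaa.aaaa       = MAC address of 10.0.1.43
!
! 1) IP port ACL: IP packets entering from 10.0.1.43 may go only to
!    10.0.254.52, any protocol. Both hosts are in 10.0.0.0/16, so the
!    traffic is switched directly and never needs the gateway.
ip access-list extended HOST43-TO-HOST52
 permit ip host 10.0.1.43 host 10.0.254.52
 deny   ip any any
!
! 2) MAC ACL for non-IP frames on the same port (assumption: this platform
!    applies MAC ACLs to non-IP traffic only). ARP (EtherType 0x806) is
!    permitted so the host can still resolve 10.0.254.52; every other
!    non-IP EtherType is dropped.
mac access-list extended HOST43-NONIP
 permit host aaaa.aaaa.aaaa any 0x806 0x0
 deny   any any
!
! 3) Apply both inbound on the access port of the isolated host.
interface GigabitEthernet1/42
 description 10.0.1.43 - may talk to 10.0.254.52 only
 ip access-group HOST43-TO-HOST52 in
 mac access-group HOST43-NONIP in
```

Both ACLs filter only frames entering the switch from 10.0.1.43, so other hosts can still send to it but will get no reply. Blocking that IP on the SonicWall, as the answer suggests, remains a second layer for internet access.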