Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1486
Views
0
Helpful
1
Replies

This VACL does not work and I do not know why

jon.baxter1
Level 1
Level 1

‎03-31-2020 11:46 AM

when i apply this, nothing works.  i have 3 vlans and i want vlan 100 and 101 to talk to each other but vlan 102 to not talk to the other two.  and i just dont know where to begin.  i jsut get very turned around on these these things

 

VLAN100 192.168.100.X

VLAN101 192.168.101.X

VLAN102 192.168.102.X

 

vlan access-map MYXMAP 10
match ip address MYXLIST
action forward
vlan access-map MYXMAP 20
action drop

!
vlan filter MYXMAP vlan-list 1-4094
!
ip access-list extended MYXLIST
permit ip 192.168.100.0 0.0.0.255 192.168.101.0 0.0.0.255
permit ip 192.168.101.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip any any

Labels:
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎03-31-2020 01:44 PM

Hi there,

When you say nothing works, do you mean there is no comms between subnets when applied or that the VACL doesn't work as intended?

 

The permit ip any any you have at the bottom of MYXLIST ACL shadows the preceding ACEs and makes them redundant. I suggest removing the last ACE and let the implicit deny do its work and retest:

!
ip access-list extended MYXLIST
  no permit ip any any
!

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents