Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
895
Views
0
Helpful
3
Replies

VACL confusion.

Go to solution
Rockyy
Level 1
Level 1

‎08-08-2019 09:46 AM

Hello,

 

I am trying to block icmp traffic on my multiplayer sourcing from VLAN 99 to VLAN 15. Also, I would like to allow specific traffic i.e. port 80 from VLAN 99 to able to hit VLAN 15.

 

ip access-list extended test 

permit icmp 192.168.99.0 0.0.0.255 192.168.15.0 0.0.0.255

 

vlan access-map DROPTRAFFIC 10
match ip address test 
action drop
exit
vlan access-map DROPTRAFFIC 20
action forward
exit

vlan filter DROPTRAFFIC vlan-list 99

 

Please let me know if I am doing anything wrong here because I couldn't get it to work.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎08-09-2019 12:31 AM - edited ‎08-09-2019 12:33 AM

Hello

Below Racl should allow http traffic from vlan 15 but deny any other access from that vlan.


Access-list 10 permit tcp 192.168.15.0 0.0.255 any eq 80
Access-list 10 deny ip 192.168.15.0 0.0.255 any
Access-list 10 deny icmp 192.168.15.0 0.0.255 any
Access-list 10 permit ip any any

int vlan 99
ip access-group 10 OUT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Martin L
VIP
VIP

‎08-08-2019 10:34 AM - edited ‎08-08-2019 10:36 AM

 

looks ok to me; Replace name of ACL "test" with number like 100

what switch ver ? what ios ver ?

double check IP addressing.

what does and what does not work?  ping? trace? other traffic

0 Helpful

Go to solution
Rockyy
Level 1
Level 1
In response to Martin L

‎08-08-2019 10:43 AM

Version 15.2(1)SY1a

It just drops all the other traffic as well.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎08-09-2019 12:31 AM - edited ‎08-09-2019 12:33 AM

Hello

Below Racl should allow http traffic from vlan 15 but deny any other access from that vlan.


Access-list 10 permit tcp 192.168.15.0 0.0.255 any eq 80
Access-list 10 deny ip 192.168.15.0 0.0.255 any
Access-list 10 deny icmp 192.168.15.0 0.0.255 any
Access-list 10 permit ip any any

int vlan 99
ip access-group 10 OUT


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents