08-08-2019 09:46 AM
Hello,
I am trying to block ICMP traffic on my multilayer switch sourcing from VLAN 99 to VLAN 15. Also, I would like to allow specific traffic, i.e. port 80, from VLAN 99 to be able to hit VLAN 15.
ip access-list extended test
permit icmp 192.168.99.0 0.0.0.255 192.168.15.0 0.0.0.255
vlan access-map DROPTRAFFIC 10
match ip address test
action drop
exit
vlan access-map DROPTRAFFIC 20
action forward
exit
vlan filter DROPTRAFFIC vlan-list 99
Please let me know if I am doing anything wrong here because I couldn't get it to work.
08-08-2019 10:34 AM - edited 08-08-2019 10:36 AM
Looks OK to me; replace the name of ACL "test" with a number like 100.
What switch version? What IOS version?
Double-check IP addressing.
What does and what does not work? Ping? Trace? Other traffic?
08-08-2019 10:43 AM
Version 15.2(1)SY1a
It just drops all the other traffic as well.
08-09-2019 12:31 AM - edited 08-09-2019 12:33 AM
Hello
The RACL below should allow HTTP traffic from VLAN 15 but deny any other access from that VLAN.
! Extended entries (protocol/port matching) need an ACL number in the 100-199 range; 10 is a standard ACL
access-list 100 permit tcp 192.168.15.0 0.0.0.255 any eq 80
access-list 100 deny ip 192.168.15.0 0.0.0.255 any
access-list 100 deny icmp 192.168.15.0 0.0.0.255 any
access-list 100 permit ip any any
interface vlan 99
 ip access-group 100 out
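Added example (not part of the reply above and not Cisco tooling): a small Python model of first-match ACL evaluation with wildcard masks, run against the four entries of that RACL with the VLAN 15 wildcard written out as 0.0.0.255. The function names and sample source addresses are constructed for illustration; it shows which entry decides a given packet and flags entries that an earlier line already covers.

```python
import ipaddress

# The four RACL entries from the reply above (wildcard written as 0.0.0.255).
ACL_TEXT = """\
permit tcp 192.168.15.0 0.0.0.255 any eq 80
deny ip 192.168.15.0 0.0.0.255 any
deny icmp 192.168.15.0 0.0.0.255 any
permit ip any any"""

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_entry(line):
    """Parse '<action> <proto> <src wildcard | any> any [eq <port>]'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    if rest[0] == "any":
        base, wild, rest = 0, 0xFFFFFFFF, rest[1:]
    else:
        base, wild, rest = _u32(rest[0]), _u32(rest[1]), rest[2:]
    if rest[0] != "any":
        raise ValueError("this sketch only handles destination 'any'")
    port = int(rest[2]) if rest[1:2] == ["eq"] else None
    return {"action": action, "proto": proto, "base": base, "wild": wild, "port": port}

ACL = [parse_entry(line) for line in ACL_TEXT.splitlines()]

def evaluate(acl, proto, src_ip, dst_port=None):
    """First match wins. Returns (action, 1-based entry number); 0 = implicit deny."""
    src = _u32(src_ip)
    for n, e in enumerate(acl, 1):
        care = ~e["wild"] & 0xFFFFFFFF          # wildcard 1-bits are "don't care"
        if (e["proto"] in ("ip", proto) and (src & care) == (e["base"] & care)
                and e["port"] in (None, dst_port)):
            return e["action"], n
    return "deny", 0

def shadowed(acl):
    """(entry, covering_entry) pairs: entries an earlier line fully covers."""
    hits = []
    for j, late in enumerate(acl):
        for i, early in enumerate(acl[:j]):
            care = ~early["wild"] & 0xFFFFFFFF
            if (early["proto"] in ("ip", late["proto"])
                    and early["port"] in (None, late["port"])
                    and (late["wild"] & care) == 0
                    and (early["base"] & care) == (late["base"] & care)):
                hits.append((j + 1, i + 1))
                break
    return hits
```

`shadowed(ACL)` reports entry 3 as covered by entry 2, because `deny ip` already matches ICMP from the same source range.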