
ACL

aksher
Level 1

Can an inbound ACL have an ip range as source which does not belong to that VLAN?

2 Replies

gojericho0
Level 1

Yes, but it will have to be an extended ACL.

Let's say your VLAN range is 192.168.1.0/24; you can create an ACL targeted for a different network.

Router(config)# access-list 101 permit ip 192.168.2.0 0.0.0.255 any

This would allow any traffic from 192.168.2.0/24.

You could then place this access list on the SVI of your VLAN.

Router(config-if)#ip access-group 101 in

The only source addresses from that VLAN would be 192.168.1.0/24 when the ACL is applied in.

int vlan 10
 ip addr 192.168.1.1 255.255.255.0
 ip access-group 101 in

If it were applied "out", then the source could be any.
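
An added example, not part of the original thread: a Python check that flags which entries of an extended ACL can ever match when the list is applied inbound on an SVI. It assumes, as the last reply states, that traffic arriving inbound on the SVI is sourced only from the VLAN's own subnet; the function names and the sample ACL line are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def source_spec(acl_line):
    """Return (base, wildcard) as ints for the source field of an extended ACL entry."""
    tok = acl_line.split()
    # Expected shape: access-list <number> <permit|deny> <protocol> <source> ...
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {acl_line!r}")
    src = tok[4:]
    if src[0] == "any":
        return 0, ALL_ONES
    if src[0] == "host":
        return int(ipaddress.IPv4Address(src[1])), 0
    return int(ipaddress.IPv4Address(src[0])), int(ipaddress.IPv4Address(src[1]))

def can_match_inbound(acl_line, svi_subnet):
    """True if some address inside svi_subnet satisfies the entry's source field."""
    net = ipaddress.ip_network(svi_subnet)
    base, wildcard = source_spec(acl_line)
    care = ~wildcard & ALL_ONES              # wildcard 0-bits must match exactly
    fixed_by_both = care & int(net.netmask)  # bits pinned by both ACL and subnet
    # Non-contiguous wildcard masks are handled because this is pure bit logic.
    return ((base ^ int(net.network_address)) & fixed_by_both) == 0

def audit_inbound(acl_lines, svi_subnet):
    """Return (dead_entries, implicit_deny_only) for an ACL applied 'in' on the SVI."""
    dead = [l for l in acl_lines if not can_match_inbound(l, svi_subnet)]
    live_permits = [l for l in acl_lines
                    if l.split()[2] == "permit" and l not in dead]
    # With no reachable permit, every packet falls through to the implicit deny.
    return dead, not live_permits

# Constructed sample: a permit for a subnet other than the SVI's own.
SAMPLE_ACL = ["access-list 101 permit ip 192.168.2.0 0.0.0.255 any"]

if __name__ == "__main__":
    dead, blocked = audit_inbound(SAMPLE_ACL, "192.168.1.0/24")
    for line in dead:
        print("never matches inbound:", line)
    if blocked:
        print("no reachable permit: all VLAN traffic hits the implicit deny")
```
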