10-24-2019 06:29 PM - edited 02-20-2020 09:46 PM
Hello Guys,
I would like to ask if this is possible. I created a lab using Cisco Packet Tracer version 7.2.2 and I was trying to configure an ACL policy for each VLAN. My question is, where and how do we configure an ACL in a multiple-VLAN environment? Please see the attached image for your reference.
10-24-2019 07:09 PM
The ACL must be created and applied on the device that routes the VLAN.
For example, if you use the router to route the VLANs (RoaS), then the ACL must be created on the router and applied to the corresponding subinterface.
Now, if the VLANs are being routed on the L3 switches, then the ACLs must be created on the L3 switch and applied to the corresponding VLAN interface (SVI).
Regards
10-24-2019 07:21 PM
Hi Luis,
At the moment these VLANs are routed through L3 switches, so in this case, should we configure the ACL policies and access group inside the VLAN interface like this?
I.e., scenario: VLAN 110 is not allowed to access VLAN 130, only other networks.
DS2 (config)#access-list 1 deny 192.168.110.0 0.0.0.255
DS2 (config)#access-list 1 permit any
DS2 (config)#interface VLAN 130
DS2 (config-if)#ip access-group 1 out
Thank you :)
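How the posted ACL behaves when bound outbound on the VLAN 130 SVI, modelled as an added example (not code from anyone in this thread). The function names are hypothetical, and the 192.168.130.0/24 and 192.168.120.0/24 subnets and all host addresses are assumed, since the thread only gives 192.168.110.0.

```python
import ipaddress

# ACL exactly as posted in the thread.
ACL_1 = """\
access-list 1 deny 192.168.110.0 0.0.0.255
access-list 1 permit any
"""
VLAN130_SUBNET = "192.168.130.0/24"  # assumed addressing for VLAN 130

def parse_standard_acl(text):
    """Return [(action, network_int, wildcard_int)] from 'access-list N ...' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        action, src = tok[2], tok[3]
        if src == "any":
            net, wild = 0, 0xFFFFFFFF
        elif src == "host":
            net, wild = int(ipaddress.IPv4Address(tok[4])), 0
        else:
            net = int(ipaddress.IPv4Address(src))
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        entries.append((action, net, wild))
    return entries

def acl_permits(entries, src_ip):
    """First match wins; a standard ACL looks only at the source address."""
    src = int(ipaddress.IPv4Address(src_ip))
    for action, net, wild in entries:
        if (src | wild) == (net | wild):  # wildcard bits set to 1 are ignored
            return action == "permit"
    return False  # implicit deny after the last entry

def passes_svi_out_acl(entries, svi_subnet, src_ip, dst_ip):
    """Model 'ip access-group 1 out' on the SVI that owns svi_subnet."""
    net = ipaddress.ip_network(svi_subnet)
    if ipaddress.ip_address(dst_ip) not in net:
        return True  # not routed out of this SVI, so the ACL is never consulted
    if ipaddress.ip_address(src_ip) in net:
        return True  # same-VLAN traffic is switched and never crosses the SVI
    return acl_permits(entries, src_ip)
```

Because the filter matches on source address as packets leave toward VLAN 130, an echo request from a VLAN 130 host to VLAN 110 is forwarded, but the reply sourced from 192.168.110.x is dropped, so a ping fails in both directions.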
10-24-2019 07:49 PM - edited 10-24-2019 07:50 PM
You are right :)
If you have more doubts, just post them and we will try to help you.
Regards
10-24-2019 09:30 PM
Thank you Luis :)
I just applied the syntax above, but VLAN 110 is still getting a successful PING result from a host in VLAN 130. I'm trying to figure out what I missed.
10-25-2019 02:24 AM
Please compress your exercise (WinZip) and attach it so we can check it.
Regards
10-25-2019 07:13 PM
Hi Luis,
I was able to figure out the solution last night. Simply, PT has bugs; when I relaunched the application, all policies had been successfully applied. The issue is now resolved and I really appreciate your assistance :)
Thank you!