02-15-2020 11:25 PM
Hi,
I have three vlans: user, wireless, dmz. I want to prevent traffic from dmz to user and from dmz to wireless. I implemented these ACLs but it's not working. Traffic is still being allowed. Can you please let me know if I'm doing anything wrong?
ip access-list extended "dmz -> user"
 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 ace-priority 1
exit
ip access-list extended "dmz -> wireless"
 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255 ace-priority 1
exit
Thanks,
Fabio
02-15-2020 11:57 PM
Hi,
Did you apply it to the interface with the interface-level command "Access-Group input dmz -> user"? If so, which interface did you apply it to?
02-16-2020 12:46 AM - edited 02-16-2020 12:53 AM
I am not very skilled with the CLI so I did everything via the GUI. I don't think that I applied it at interface level. If you share the command with me to try out via CLI I could execute it. Thanks.
02-16-2020 12:32 AM
Hello,
What device is this GUI screenshot from, which router/switch model? Somewhere in the GUI there should be a 'Save' and/or 'Apply' button; make sure you have that checked...
02-16-2020 12:47 AM
02-16-2020 12:57 AM
Have you bound the ACL to the VLAN?
02-16-2020 01:45 AM
02-16-2020 01:52 AM
Glad all is working as expected after binding the ACL to the VLAN. Cheers!