02-15-2020 11:25 PM
Hi,
I have three vlans: user, wireless, dmz. I want to prevent traffic from dmz to user and from dmz to wireless. I implemented these ACLs but it's not working. Traffic is still being allowed. Can you please let me know if I'm doing anything wrong?
ip access-list extended "dmz -> user"
deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 ace-priority 1
exit
ip access-list extended "dmz -> wireless"
deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255 ace-priority 1
exit
Thanks,
Fabio
02-15-2020 11:57 PM
Hi,
Did you apply it to the interface with the interface-level command "Access-Group input dmz -> user"? If so, which interface did you apply it to?
02-16-2020 12:46 AM - edited 02-16-2020 12:53 AM
I am not very skilled with the CLI so I did everything via the GUI. I don't think that I applied it at interface level. If you share the command with me to try out via CLI I could execute it. Thanks.
02-16-2020 12:32 AM
Hello,
What device is this GUI screenshot from, which router/switch model? Somewhere in the GUI there should be a 'Save' and/or 'Apply' button; make sure you have that checked...
02-16-2020 12:47 AM
02-16-2020 12:57 AM
Have you bound the ACL to the VLAN?
02-16-2020 01:45 AM
02-16-2020 01:52 AM
Glad all is working as expected after binding the ACL to the VLAN. Cheers!
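The fix in this thread was that the ACLs were defined but never bound to a VLAN. As an added example (not from any poster in the thread), this script audits a saved configuration for ACLs that are defined but attached to no interface. The `service-acl input` bind syntax, the VLAN ID and the function names are assumptions, since the thread never shows the bind command that was used.

```python
import re

# Constructed sample: the thread's two ACLs, only one of them bound. The
# "service-acl input" bind line and the VLAN ID are assumptions (Cisco Small
# Business style CLI); the thread never shows the bind command that was used.
SAMPLE_CONFIG = '''
ip access-list extended "dmz -> user"
 deny ip 10.0.0.0 0.0.0.255 10.0.1.0 0.0.0.255 ace-priority 1
exit
ip access-list extended "dmz -> wireless"
 deny ip 10.0.0.0 0.0.0.255 10.0.2.0 0.0.0.255 ace-priority 1
exit
interface vlan 30
 service-acl input "dmz -> user"
exit
'''

NAME = r'(?:"([^"]+)"|(\S+))'  # ACL names may be quoted and contain spaces
ACL_DEF = re.compile(r'^ip access-list extended\s+' + NAME + r'\s*$')
INTERFACE = re.compile(r'^interface\s+(.+)$')
ACL_BIND = re.compile(r'^service-acl input\s+' + NAME)  # assumed bind syntax


def audit_acls(config):
    """Return {acl_name: [interfaces it is bound to]} for every ACL seen."""
    acls, current_if = {}, None
    for line in map(str.strip, config.splitlines()):
        if line == "exit":
            current_if = None  # leaving an ACL or interface context
        elif m := ACL_DEF.match(line):
            acls.setdefault(m.group(1) or m.group(2), [])
        elif m := INTERFACE.match(line):
            current_if = m.group(1)
        elif (m := ACL_BIND.match(line)) and current_if:
            acls.setdefault(m.group(1) or m.group(2), []).append(current_if)
    return acls


def unbound_acls(config):
    """ACLs defined but attached to no interface; these filter no traffic."""
    return [name for name, ifs in audit_acls(config).items() if not ifs]


if __name__ == "__main__":
    for name in unbound_acls(SAMPLE_CONFIG):
        print(f'ACL "{name}" is defined but not bound to any interface or VLAN')
```
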