
ACL to control traffic

HMidkiff
Level 1

I have several remote offices and all offices use the same VLANs 1, 2, 3, 4, 5, 6, etc. I was able to create an access-list which will only allow VLAN 1 in one remote office to communicate with VLAN 1 in the other remote offices. The problem I have is when traffic tries to route to the Internet. Normally I would just add an ANY statement for this. But if I do that, then all the traffic will be permitted. The other way would be to individually deny traffic to the VLANs. But this would require a lot of statements and might be difficult to manage. I think there is an easier way to do this. Does anyone have any suggestions? Thanks.

2 Replies

John Blakley
VIP Alumni

If I understand your question correctly, you need to block your traffic at the closest point possible by adding ACLs to each of your branches. If they are contiguous blocks (VLANs 1, 2, and 3 - IP 192.168.1.0, 2.0, 3.0 respectively), you may want to look into creating an ACL that summarizes the networks that you want to block. Put that at the top of your list, and then permit your local traffic out to everything else.

--John

HTH, John *** Please rate all useful posts ***

Oh, and if they can't be easily summarized, you will be limited to creating an entry for each subnet you want to block.

--John

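The summarization suggested in the replies above, worked through as an added example (not code from the thread): it collapses the subnets to block into the fewest exact wildcard-mask deny entries, then shows what a single looser summary would also block. The /24 masks, the ACL name `BRANCH-OUT` and the `any` source are assumptions; the thread gives only the network numbers.

```python
import ipaddress

def exact_summaries(blocked):
    """Fewest prefixes that cover exactly the blocked subnets, nothing more."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    return list(ipaddress.collapse_addresses(nets))

def single_summary(blocked):
    """Smallest single prefix containing every blocked subnet (may over-block)."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def collateral(blocked, summary):
    """Subnets inside `summary` that were never meant to be blocked."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    size = max(n.prefixlen for n in nets)
    return [s for s in summary.subnets(new_prefix=size)
            if not any(s.subnet_of(n) for n in nets)]

def build_acl(name, blocked):
    """Deny entries first, then permit everything else (Internet-bound traffic)."""
    lines = [f"ip access-list extended {name}"]
    for s in exact_summaries(blocked):
        # IOS wildcard mask is the inverse of the netmask (the host mask)
        lines.append(f" deny ip any {s.network_address} {s.hostmask}")
    lines.append(" permit ip any any")
    return lines

if __name__ == "__main__":
    # Contiguous case from the reply: 192.168.1.0, 2.0, 3.0 (assumed /24)
    contiguous = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    print("\n".join(build_acl("BRANCH-OUT", contiguous)))
    one = single_summary(contiguous)
    print(f"! a single {one} entry would also block: {collateral(contiguous, one)}")
    # Constructed non-contiguous case: no summarization, one entry per subnet
    scattered = ["192.168.1.0/24", "192.168.4.0/24", "192.168.9.0/24"]
    print("\n".join(build_acl("BRANCH-OUT", scattered)))
```

Any permit entries for traffic that must still reach a remote VLAN have to sit above the deny lines, since the ACL is evaluated top-down and the first match wins.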