Solved: Layer 3 switch and ACL

maniac79 · ‎08-17-2022

Hello,

I am using a layer 3 switch as the Edge router for my ISP connection.

I've created 2 vlans, one for the WAN with the transport block a /30 and then another vlan for the LAN side which is a /26

Here is what I've created.

interface Vlan10
description WAN
ip address 12.0.0.94 255.255.255.252
!
interface Vlan20
description LAN
ip address 12.1.1.129 255.255.255.192
ip access-group Block-Stuff out

Then I've made an ACL that block basic ports and placed it on the vlan20 interface.

I've got devices plugged into other ports on the switch with public IP addresses and put the port on vlan 20. However my ACL does not seem to work. Any advice? I've used this config numerous times, but typically on a router where I use a layer 2 switch to break out the Public range.

Thank you

Karsten Iwen · ‎08-18-2022

Great if this works. But I still would consider moving the ACL to VLAN 10 in the incoming direction or even add the ACL to the L2-switchport where the internet connects. There you filter earlier in the packet-flow and you can also control the packets that are send to the switch.

View solution in original post

maniac79 · ‎08-17-2022

Nevermind, found a typo my ACL is Block_Stuff out and not Block-Stuff

Karsten Iwen · ‎08-18-2022

Great if this works. But I still would consider moving the ACL to VLAN 10 in the incoming direction or even add the ACL to the L2-switchport where the internet connects. There you filter earlier in the packet-flow and you can also control the packets that are send to the switch.