08-17-2022 12:43 PM - last edited on 08-24-2022 02:32 AM by Translator
Hello,
I am using a layer 3 switch as the Edge router for my ISP connection.
I've created 2 VLANs: one for the WAN with the transport block, a /30, and another VLAN for the LAN side, which is a /26.
Here is what I've created.
interface Vlan10
 description WAN
 ip address 12.0.0.94 255.255.255.252
!
interface Vlan20
 description LAN
 ip address 12.1.1.129 255.255.255.192
 ip access-group Block-Stuff out
Then I've made an ACL that blocks basic ports and placed it on the Vlan20 interface.
I've got devices plugged into other ports on the switch with public IP addresses and put the ports on VLAN 20. However, my ACL does not seem to work. Any advice? I've used this config numerous times, but typically on a router where I use a layer 2 switch to break out the public range.
Thank you
08-17-2022 12:47 PM
Never mind, found a typo: my ACL is Block_Stuff out and not Block-Stuff.
08-18-2022 02:41 AM
Great if this works. But I would still consider moving the ACL to VLAN 10 in the incoming direction, or even adding the ACL to the L2 switchport where the internet connects. There you filter earlier in the packet flow, and you can also control the packets that are sent to the switch.
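Added example, not part of the original thread: a small config lint that catches the mismatch found above, where an interface references `Block-Stuff` but the ACL is defined as `Block_Stuff`. The ACL entries in the sample are constructed (the thread does not show them), and the function names are hypothetical.

```python
import re

# Constructed sample: interface lines follow the thread; the ACL body is a
# placeholder because the thread does not show the actual ACL entries.
SAMPLE_CONFIG = """\
ip access-list extended Block_Stuff
 deny tcp any any eq 23
 permit ip any any
!
interface Vlan10
 ip address 12.0.0.94 255.255.255.252
!
interface Vlan20
 ip address 12.1.1.129 255.255.255.192
 ip access-group Block-Stuff out
"""

# Named ("ip access-list extended NAME") and numbered ("access-list 101 ...") ACLs.
ACL_DEF = re.compile(r"^(?:ip )?access-list (?:(?:standard|extended) )?(\S+)", re.M)
IFACE = re.compile(r"^interface (\S+)")
GROUP = re.compile(r"^\s*ip access-group (\S+) (in|out)")

def _norm(name):
    # Treat '-' and '_' and letter case as equivalent to spot near-miss names.
    return name.lower().replace("_", "-")

def dangling_access_groups(config):
    """Return (interface, acl_name, direction, near_matches) for every
    'ip access-group' that references an ACL the config never defines."""
    defined = set(ACL_DEF.findall(config))
    findings, iface = [], None
    for line in config.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = GROUP.match(line)
        if m and m.group(1) not in defined:
            name, direction = m.groups()
            near = sorted(d for d in defined if _norm(d) == _norm(name))
            findings.append((iface, name, direction, near))
    return findings

if __name__ == "__main__":
    for iface, name, direction, near in dangling_access_groups(SAMPLE_CONFIG):
        hint = f" (did you mean {', '.join(near)}?)" if near else ""
        print(f"{iface}: access-group {name} {direction} is not defined{hint}")
```

Running a check like this against a saved running-config before deployment flags an interface that looks filtered but is bound to an ACL name that does not exist.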