ACL for IoT VLAN

I have a single VLAN for IoT devices and have to lock it down. Only required traffic must be permitted but to specific public IP address. No access to any other VLAN.

 

IoT VLAN network IP 172.16.8.0

 

IP and ports to be used

ICMP host 172.16.8.0 host A.B.C.E
A.B.C.D eq 443
A.B.C.E eq 53
Deny everything else.

 

This is what I have tried: 

10 permit icmp host 172.16.8.0 host A.B.C.E
11 permit tcp host 172.16.8.0 host A.B.C.D eq 443
12 permit tcp host 172.16.8.0 host A.B.C.E eq domain
13 deny ip any any log

 

Thank you

Accepted Solutions

Re: ACL for IoT VLAN

Hi there,

Are you sure you just want to permit a single host on the IoT VLAN? I'm guessing you want to permit the entire subnet, so your config should look like this:

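!
int vlan 100
  desc IOT_VLAN
  ! 172.16.8.0 is the subnet address and cannot be assigned to the interface;
  ! 172.16.8.1 is an assumed gateway address
  ip address 172.16.8.1 255.255.255.0
  ip access-group 101 in
!
! source is the IoT subnet 172.16.8.0/24 (wildcard mask 0.0.0.255)
access-list 101 permit icmp 172.16.8.0 0.0.0.255 host A.B.C.E
access-list 101 permit tcp 172.16.8.0 0.0.0.255 host A.B.C.D eq 443
access-list 101 permit tcp 172.16.8.0 0.0.0.255 host A.B.C.E eq domain
access-list 101 deny ip any any log
!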

cheers,

Seb.
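
Added example, not part of the original posts: a small Python model of first-match ACL evaluation with wildcard masks, showing why the `host 172.16.8.0` entries match no IoT device while the `172.16.8.0 0.0.0.255` entries do, and that a `tcp ... eq domain` entry does not cover UDP port 53. The 203.0.113.x addresses are constructed stand-ins for A.B.C.D and A.B.C.E, and the function names are hypothetical.

```python
import ipaddress

WEB, DNS = "203.0.113.10", "203.0.113.53"  # constructed stand-ins for A.B.C.D / A.B.C.E

def ip(a):
    return int(ipaddress.IPv4Address(a))

def matches(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def parse(line):
    # Handles only the entry forms used in this thread:
    # <action> <proto> {host A | A W | any} {host B | B W | any} [eq port] [log]
    t = line.split()
    action, proto, i = t[0], t[1], 2
    spec = []
    for _ in range(2):
        if t[i] == "host":
            spec.append((t[i + 1], "0.0.0.0"))
            i += 2
        elif t[i] == "any":
            spec.append(("0.0.0.0", "255.255.255.255"))
            i += 1
        else:
            spec.append((t[i], t[i + 1]))
            i += 2
    port = None
    if i < len(t) and t[i] == "eq":
        port = {"domain": 53}.get(t[i + 1]) or int(t[i + 1])
    return action, proto, spec[0], spec[1], port

def evaluate(acl, proto, src, dst, dport=None):
    # First matching entry wins, as on the router.
    for line in acl:
        action, p, s, d, port = parse(line)
        if (p in ("ip", proto) and port in (None, dport)
                and matches(src, *s) and matches(dst, *d)):
            return action
    return "deny"  # implicit deny at the end of every ACL

HOST_ACL = [  # the entries as first tried in the question
    f"permit icmp host 172.16.8.0 host {DNS}",
    f"permit tcp host 172.16.8.0 host {WEB} eq 443",
    f"permit tcp host 172.16.8.0 host {DNS} eq domain",
    "deny ip any any log",
]
SUBNET_ACL = [l.replace("host 172.16.8.0", "172.16.8.0 0.0.0.255") for l in HOST_ACL]
```

For a hypothetical device at 172.16.8.25, `evaluate(HOST_ACL, "tcp", "172.16.8.25", WEB, 443)` returns `deny` and the same call with `SUBNET_ACL` returns `permit`; a UDP query to port 53 is denied by both lists.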

Re: ACL for IoT VLAN

Thanks Seb and I can't believe I've missed this one.

 

Regards,
