11-06-2021 07:49 AM
I have an L3 switch with 6 VLANs (1-2-3-4-5-6).
1 can only have an internet connection.
VLANs 2-3-4 can go everywhere.
How can I write an access list for this? Can you give an example?
And another question is:
How can I configure redistribution of static routes in BGP?
11-06-2021 02:57 PM
Look at the example; the ACL will help you with blocking from VLAN 1 to other VLANs:
https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html
How can I configure redistribution of static routes in BGP?
In general we use the below:
router bgp XXX
redistribute static
11-08-2021 01:30 AM - edited 11-08-2021 01:34 AM
First of all, thanks for the answers.
I found how to block VLAN 1 against the others, though. What command do I need to enter just to go to the internet? Shouldn't I write an ACL for the other VLANs (they have access everywhere)? And finally, is that all for the redistribute command? For example, router A has static 10.0.0.1 on one leg and BGP 10.0.0.1 on the other leg (if there is anything else, you can make it up). How can I write it?
11-08-2021 04:36 AM
Hello
For the VLAN restriction, a routed access-list can be applied.
Example:
access-list 100 deny ip any 3.3.3.0 0.0.0.255
access-list 100 deny ip any 4.4.4.0 0.0.0.255
access-list 100 deny ip any 5.5.5.50 0.0.0.255
access-list 100 deny ip any 6.6.6.0 0.0.0.255
access-list 100 permit ip any any
interface vlan 2
 ip access-group 100 in