Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1089
Views
5
Helpful
4
Replies

allow an IP in VACL

Go to solution
night-fury
Level 1
Level 1

‎11-29-2017 10:38 AM - edited ‎03-08-2019 12:55 PM

Hi,

 

I have a VACL configured as below:

 

access-list 100 permit ip 172.16.1.0 0.0.0.127 host 172.16.0.52

vlan access-map ABC 10
 match ip address 100
 action drop
vlan access-map ABC 20
 action forward

vlan filter cls vlan-list 1

 

Now this VACL blocks ips 172.16.1.0 - 172.16.1.127. I want to allow one of the IPs say 172.16.1.16 - this IP should be able to connect to 172.16.0.52

 

Can this be achieved? i am unable to figure out a way.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-29-2017 11:15 AM

Hi,

You need to modify your acl to deny the host you want to allow:

access-list 100 deny ip host 172.16.1.16 host 172.16.0.52
access-list 100 permit ip 172.16.1.0 0.0.0.127 host 172.16.0.52


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

4 Replies 4

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-29-2017 11:15 AM

Hi,

You need to modify your acl to deny the host you want to allow:

access-list 100 deny ip host 172.16.1.16 host 172.16.0.52
access-list 100 permit ip 172.16.1.0 0.0.0.127 host 172.16.0.52


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
night-fury
Level 1
Level 1
In response to Francesco Molino

‎12-04-2017 09:40 PM

thank you. this worked seamlessly with my already existing ACL !!
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to night-fury

‎12-05-2017 04:10 PM

You're welcome!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-29-2017 11:35 AM

Hello

Try:


access-list 101 permit host 172.16.1.16 host 172.16.0.52
vlan access-map ABC 5
match ip address 101
action forward


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card