Allow ingress traffic from specific IP to VLAN, but block all egress traffic from VLAN.

jmbrewer9x
Level 1

Set up an ACL on a 3560 to try to accomplish this. Below is the ACL I have so far, but it doesn't seem to accomplish this.

5 permit ip host 192.168.1.245 192.168.5.0 0.0.0.255
10 deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
20 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
30 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
40 permit ip 192.168.5.0 0.0.0.255 any
50 permit ip any any


In this setup, no traffic is getting in or out from the host IP listed on line 5. If I reverse the line to the following, then traffic will flow both ways between the VLAN and the host IP.


5 permit ip 192.168.5.0 0.0.0.255 host 192.168.1.245


Pardon my lack of knowledge here. It's been a few years since I've had to deal with ACLs on switches, so I'm quite rusty. Perhaps what I'm wanting isn't possible either. But basically I'm just wanting anything coming from 192.168.1.245 to be able to access anything on 192.168.5.0/24. But I don't want any traffic originating from 192.168.5.0/24 to be able to get to 1.245, if that makes sense?

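The behaviour described in the post follows from the fact that an IOS ACL is evaluated per packet, with no memory of which side opened the connection: the reply segments coming back from 192.168.5.0/24 to 192.168.1.245 are just packets sourced in 192.168.5.0/24, so the deny on line 10 drops them, and the session never completes. The simulator below is an added example (not from the original post or from Cisco) that parses the poster's list, walks packets of a TCP session through it in first-match-wins order, and reproduces both observations from the post: the original list permits the request but denies the reply, and the reversed line 5 lets both directions through, including fresh connections started from the VLAN. It then shows a third variant with a `permit tcp ... established` entry placed ahead of the deny, which is the standard IOS way to admit TCP return traffic without admitting new sessions; that entry is an assumed addition, not something the poster configured. The host 192.168.5.10 is a constructed sample address, and the model assumes packets in both directions are evaluated against this one list (the post does not say on which interface or in which direction the ACL is applied).

```python
"""Stateless first-match evaluation of an IOS-style extended ACL.
Added example; handles only the 'seq action proto src dst [established]'
form used in the question (src/dst being 'any', 'host A', or 'A WILDCARD')."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"        # "tcp", "udp", "icmp", ...
    ack_set: bool = False     # True for TCP segments with ACK/RST set, i.e. reply traffic


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str               # "permit" or "deny"
    proto: str                # "ip" matches every protocol
    src_net: int
    src_wild: int
    dst_net: int
    dst_wild: int
    established: bool         # only meaningful for tcp entries


def _parse_addr(tokens: List[str], i: int) -> Tuple[int, int, int]:
    """Parse 'any' | 'host A' | 'A WILDCARD' at tokens[i]; return (net, wildcard, next_index)."""
    if tokens[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tokens[i] == "host":
        return int(ipaddress.IPv4Address(tokens[i + 1])), 0, i + 2
    net = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    return net, wild, i + 2


def parse_acl(text: str) -> List[Entry]:
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t:
            continue
        seq, action, proto = int(t[0]), t[1], t[2]
        src_net, src_wild, i = _parse_addr(t, 3)
        dst_net, dst_wild, i = _parse_addr(t, i)
        entries.append(Entry(seq, action, proto, src_net, src_wild,
                             dst_net, dst_wild, "established" in t[i:]))
    return sorted(entries, key=lambda e: e.seq)   # IOS evaluates in sequence-number order


def _in_range(addr: str, net: int, wild: int) -> bool:
    # IOS wildcard mask: a 1 bit means "don't care", so compare only the 0 bits
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)


def evaluate(acl: List[Entry], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching entry wins; falling off the end is the implicit deny."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if e.established and not (pkt.proto == "tcp" and pkt.ack_set):
            continue
        if _in_range(pkt.src, e.src_net, e.src_wild) and _in_range(pkt.dst, e.dst_net, e.dst_wild):
            return e.action, e.seq
    return "deny", None


# The list exactly as posted in the question
ORIGINAL_ACL = """
5 permit ip host 192.168.1.245 192.168.5.0 0.0.0.255
10 deny ip 192.168.5.0 0.0.0.255 192.168.1.0 0.0.0.255
20 deny ip 192.168.5.0 0.0.0.255 192.168.2.0 0.0.0.255
30 deny ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
40 permit ip 192.168.5.0 0.0.0.255 any
50 permit ip any any
"""

# The poster's second attempt: line 5 with source and destination swapped
REVERSED_ACL = ORIGINAL_ACL.replace(
    "5 permit ip host 192.168.1.245 192.168.5.0 0.0.0.255",
    "5 permit ip 192.168.5.0 0.0.0.255 host 192.168.1.245")

# Assumed fix: admit TCP replies (ACK set) to 192.168.1.245 ahead of the deny on line 10
REVISED_ACL = ORIGINAL_ACL.replace(
    "10 deny",
    "7 permit tcp 192.168.5.0 0.0.0.255 host 192.168.1.245 established\n10 deny")


def session_outcome(acl_text: str) -> dict:
    """Run one TCP session (request, reply) and one VLAN-initiated SYN through the list."""
    acl = parse_acl(acl_text)
    request = Packet("192.168.1.245", "192.168.5.10")                # SYN from the allowed host
    reply = Packet("192.168.5.10", "192.168.1.245", ack_set=True)    # SYN/ACK back to it
    new_out = Packet("192.168.5.10", "192.168.1.245")                # fresh SYN started in the VLAN
    return {"request": evaluate(acl, request),
            "reply": evaluate(acl, reply),
            "new_from_vlan": evaluate(acl, new_out)}


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_ACL), ("reversed", REVERSED_ACL), ("revised", REVISED_ACL)):
        print(name, session_outcome(text))
```

Run as a script it prints, for each variant, which entry decided each packet: the original list answers `reply: ('deny', 10)`, the reversed list answers `new_from_vlan: ('permit', 5)` (the VLAN can now open sessions to the host, which the post says is unwanted), and the revised list permits the reply on the `established` entry while still denying a VLAN-initiated SYN on line 10. Two caveats a practitioner would check on the real switch: `established` only helps TCP, so UDP or ICMP replies from the VLAN would still hit the deny, and an ACL applied with `ip access-group ... in` or `out` on one interface only sees one direction of the flow, so where the list is applied decides which of these entries can ever match.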