Apply ACL rule src/dst to specific subnet

Woo Choi
Level 1

I am trying to create an access-list or access-group which matches the following on a Cisco 3750 switch.

SRC: 192.168.0.10, 192.168.0.11, 192.168.0.12

DST: not equal to 192.168.0.0/24

and

SRC: not equal to 192.168.0.0/24

DST: 192.168.0.10, 192.168.0.11, 192.168.0.12

Once the ACL rules are created, I am looking to apply a policy-map/class-map accordingly. The purpose of this is to prioritize and to apply a rate limit on non-internal traffic (192.168.0.0/24 in this case).

Any suggestions/comments are greatly appreciated.

Thank you,

Accepted Solution

John Blakley
VIP Alumni

You could try something like the following:

ip access-list ext VLAN-SRC
 deny ip host 192.168.0.10 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.11 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.12 192.168.0.0 0.0.0.255
 permit ip any any

ip access-list ext VLAN-DST
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12
 permit ip any any

HTH,

John

*** Please rate all useful posts ***
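As an added example (not part of John's post, and not anything Cisco ships), the following Python script is a small evaluator for IOS-style wildcard-mask ACLs. It is loaded with the two ACLs from the answer and with a tighter variant of VLAN-SRC that I constructed, and it reports which constructed sample flows each list permits, which is exactly what a class-map's `match access-group` acts on (a packet permitted by the ACL matches the class; a denied packet does not). Running it shows the point worth checking before binding an ACL to a policer: the trailing `permit ip any any` in the posted lists makes every flow that is not explicitly denied match the class, including traffic from hosts other than the three listed, whereas the tighter variant has no final permit and relies on the implicit deny, so only the three hosts talking to non-internal destinations match.

```python
import ipaddress

# "any" is shorthand for 0.0.0.0 255.255.255.255 (every bit is a don't-care bit)
ANY = (0, 0xFFFFFFFF)

# Constructed ACL text copied from the accepted answer above.
VLAN_SRC_POSTED = """
ip access-list ext VLAN-SRC
 deny ip host 192.168.0.10 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.11 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.12 192.168.0.0 0.0.0.255
 permit ip any any
"""

VLAN_DST_POSTED = """
ip access-list ext VLAN-DST
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11
 deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12
 permit ip any any
"""

# Constructed (my own, not from the thread): same deny lines, but the permits
# name the three hosts and there is no trailing "permit ip any any", so the
# implicit deny catches everything that is not "listed host -> non-internal".
VLAN_SRC_TIGHT = """
ip access-list ext VLAN-SRC-TIGHT
 deny ip host 192.168.0.10 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.11 192.168.0.0 0.0.0.255
 deny ip host 192.168.0.12 192.168.0.0 0.0.0.255
 permit ip host 192.168.0.10 any
 permit ip host 192.168.0.11 any
 permit ip host 192.168.0.12 any
"""


def _addr(text):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def _parse_endpoint(tokens, i):
    """Consume one IOS address spec at tokens[i]; return ((network, wildcard), next_index)."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":          # "host X" == X 0.0.0.0
        return (_addr(tokens[i + 1]), 0), i + 2
    return (_addr(tokens[i]), _addr(tokens[i + 1])), i + 2


def parse_acl(text):
    """Turn named-ACL text into a list of (action, protocol, src_spec, dst_spec)."""
    aces = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue                 # skip the 'ip access-list' header line
        action, proto = tokens[0], tokens[1]
        src, i = _parse_endpoint(tokens, 2)
        dst, _ = _parse_endpoint(tokens, i)
        aces.append((action, proto, src, dst))
    return aces


def _wild_match(addr, spec):
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    net, wild = spec
    return (addr ^ net) & (~wild & 0xFFFFFFFF) == 0


def evaluate(aces, src_ip, dst_ip):
    """First-match evaluation with the implicit deny every IOS ACL ends with."""
    src, dst = _addr(src_ip), _addr(dst_ip)
    for action, _proto, s, d in aces:
        if _wild_match(src, s) and _wild_match(dst, d):
            return action
    return "deny"


def classify_flows(acl_text, flows):
    """Return [(src, dst, action), ...] for a list of constructed (src, dst) flows."""
    aces = parse_acl(acl_text)
    return [(s, d, evaluate(aces, s, d)) for s, d in flows]


if __name__ == "__main__":
    # Constructed sample flows: listed host -> internal, listed host -> external,
    # unlisted host -> external, and the reverse direction for VLAN-DST.
    flows = [("192.168.0.10", "192.168.0.50"), ("192.168.0.10", "10.0.0.5"),
             ("192.168.0.99", "10.0.0.5"), ("10.0.0.5", "192.168.0.12")]
    for name, text in (("VLAN-SRC (posted)", VLAN_SRC_POSTED),
                       ("VLAN-SRC (tight)", VLAN_SRC_TIGHT),
                       ("VLAN-DST (posted)", VLAN_DST_POSTED)):
        print(name)
        for s, d, action in classify_flows(text, flows):
            print(f"  {s:>14} -> {d:<14} {action}")
```

The evaluator only handles `ip` ACEs with `host`, `any`, or network/wildcard endpoints, which is all the posted lists use; port-based ACEs would need more parsing. The same first-match-then-implicit-deny logic is what the switch applies when it decides whether a packet falls into the class that the policer is attached to.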


Thank you very much John =)
