Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
432
Views
0
Helpful
2
Replies

Configure a VACL to block incoming packets from other vlan

Julio E. Moisa
VIP
VIP

‎11-07-2013 10:11 PM - edited ‎03-07-2019 04:29 PM

Hi all,

I have 2 vlans, I tried to configure a VACL in order to block the incoming packets but it is not working.

Please your assistance.

Thanks




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
Labels:
0 Helpful
2 Replies 2

Julio E. Moisa
VIP
VIP

‎11-07-2013 10:16 PM

This is my configuration

ip access-list extended ALL-SUBNETS

permit ip any any

ip access-list extended ALLOWED-SUBNETS

permit ip 192.168.20.0 0.0.0.255 ANY

permit ip 192.168.19.0 0.0.0.255 ANY

vlan access-map TEST 10

match ip address ALLOWED-SUBNETS

action forward

vlan access-map TEST 15

match ip address ALL-SUBNETS

action drop

vlan filter TEST vlan-list  400




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to Julio E. Moisa

‎11-08-2013 05:44 AM

VACLs are used for when you want to block traffic within the vlan. You'll need to use regular acls on the L3 svis in order to block traffic between vlans.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card