04-23-2024 04:31 PM
Good morning friends,
I have created two extended ACLs for in and out of my int vlan and applied them under int vlan for both directions, inbound and outbound. I have created ACL entries like this.
For int vlan no. Out
1 permit ip 10.1.0.0 0.0.255.255 host 10.206.213.131
2 permit ip 10.1.0.0 0.0.255.255 host 10.206.213.132
For int vlan no. In
1 permit ip host 10.206.213.131 10.1.0.0 0.0.255.255
2 permit ip host 10.206.213.132 10.1.0.0 0.0.255.255
After applying these ACLs for inbound and outbound under int vlan no., my problem is still not resolved. Can anyone help me to solve my problem?
Thanks
04-23-2024 05:24 PM - edited 04-23-2024 05:25 PM
Hello,
Can you provide the full configuration of the switch?
Keep in mind VLAN ACL rules:
OUT - filters traffic going to devices IN that VLAN
IN - filters traffic coming OUT of that VLAN
Also, your instructions say the destination is the 10.0.0.0/8 network whereas you have the 10.10.0.0/16 network configured in the ACL.
-David
04-24-2024 08:55 AM
What network is the VLAN hosting?
Is there a current ACL? If not, then all traffic should be permitted, i.e. you wouldn't need an ACL to permit any traffic.
If yes, you may need to add ACEs but we need to see the existing ACL.
04-24-2024 09:57 AM
04-24-2024 10:02 AM
What is this SW platform?
MHM
04-24-2024 11:31 AM
Under VLAN54 have subnet 10.1.0.0/24
For int vlan no. IN
1 permit ip 10.1.0.0 0.0.255.255 host 10.206.213.131
2 permit ip 10.1.0.0 0.0.255.255 host 10.206.213.132
For int vlan no. OUT
1 permit ip host 10.206.213.131 10.1.0.0 0.0.255.255
2 permit ip host 10.206.213.132 10.1.0.0 0.0.255.255
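
The direction rule from the thread, checked against both ACL placements, as an added example that is not part of any post above. It is a simplified model of routed traffic through the SVI (permit-only ACEs, wildcard matching, implicit deny); the client 10.1.0.25, the address 192.0.2.10 and all function names are constructed for illustration.

```python
import ipaddress

VLAN_NET = ipaddress.ip_network("10.1.0.0/24")  # subnet on the SVI, per the thread

def ip(a):
    return int(ipaddress.IPv4Address(a))

def matches(addr, spec):
    """spec is ("host", ip) or (base, wildcard); wildcard 1-bits are "don't care"."""
    base, wild = (spec[1], "0.0.0.0") if spec[0] == "host" else spec
    care = ~ip(wild) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def acl_permits(acl, src, dst):
    """Every ACE here is a permit; matching none of them is the implicit deny."""
    return any(matches(src, s) and matches(dst, d) for s, d in acl)

def svi_check(acl_in, acl_out, src, dst):
    """Traffic sourced in the VLAN enters the SVI (IN ACL); traffic routed
    toward a device in the VLAN leaves the SVI (OUT ACL)."""
    if ipaddress.ip_address(src) in VLAN_NET:
        return "in", acl_permits(acl_in, src, dst)
    return "out", acl_permits(acl_out, src, dst)

VLAN16 = ("10.1.0.0", "0.0.255.255")
# ACEs copied from the thread: VLAN -> servers, and servers -> VLAN
TO_SERVERS = [(VLAN16, ("host", "10.206.213.131")),
              (VLAN16, ("host", "10.206.213.132"))]
FROM_SERVERS = [(("host", "10.206.213.131"), VLAN16),
                (("host", "10.206.213.132"), VLAN16)]

CLIENT, SERVER = "10.1.0.25", "10.206.213.131"  # CLIENT is a constructed host

def compare():
    return {
        # first post: TO_SERVERS applied out, FROM_SERVERS applied in
        "first_post_request": svi_check(FROM_SERVERS, TO_SERVERS, CLIENT, SERVER),
        "first_post_reply": svi_check(FROM_SERVERS, TO_SERVERS, SERVER, CLIENT),
        # last post: TO_SERVERS applied in, FROM_SERVERS applied out
        "last_post_request": svi_check(TO_SERVERS, FROM_SERVERS, CLIENT, SERVER),
        "last_post_reply": svi_check(TO_SERVERS, FROM_SERVERS, SERVER, CLIENT),
        # anything not listed hits the implicit deny
        "last_post_other": svi_check(TO_SERVERS, FROM_SERVERS, CLIENT, "192.0.2.10"),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

With the first post's placement both directions fall through to the implicit deny; with the placement in the last post the two servers are reachable and everything else from the VLAN is dropped.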