Hi, I'm not too experienced with ACLs, so I come here seeking your help.
Recently we had a security audit performed, and one of the items that was highlighted was that the production VLAN can see the management VLANs (i.e. SAN, VM host, security cameras). So I need to block this access with an ACL for the majority of our users, but still need to exclude some members of our department.
So after doing some research I have come up with this.
interface vlan 1
 ip address 10.113.0.1 255.255.0.0
 ! applied outbound: traffic sourced in VLAN 2 leaves the switch through this SVI;
 ! applied "in" here the ACL would only see packets originating in VLAN 1 and never match 10.111.x sources
 ip access-group BAN_VLAN_2 out
!
interface vlan 2
 ip address 10.111.0.1 255.255.0.0
!
interface vlan 3
 ip address 10.114.0.1 255.255.0.0
 ip access-group BAN_VLAN_2 out
!
ip access-list extended BAN_VLAN_2
 ! wildcard 0.0.255.255 matches the whole 10.111.0.0/16 (VLAN 2) range
 deny ip 10.111.0.0 0.0.255.255 any
 permit ip any any
You can restrict that with the ACL as you did. That ACL works such that any requests coming from VLAN 2 (10.111.0.1) to the other VLANs 1 & 3 will get totally blocked. Make sure that you don't need any other specific communications from VLAN 2 to the other VLANs 1 & 3.
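As an added illustration that is not part of this thread, the following Python model shows how IOS evaluates an extended ACL top-down with wildcard masks and the implicit deny at the end; it also goes one step beyond the posted config by adding permit entries for the "excluded members" mentioned in the question (the admin host addresses are assumed for the example).

```python
import ipaddress

# Constructed model of Cisco extended-ACL evaluation (not from the thread):
# entries are checked in order, the first match wins, and an unmatched packet
# hits the implicit deny that ends every IOS ACL.

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """True if addr matches network under an IOS wildcard mask
    (0 bit = must match, 1 bit = don't care)."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)

def evaluate(acl, src: str, dst: str) -> str:
    """Return 'permit' or 'deny' for the first matching entry."""
    for action, s_net, s_wc, d_net, d_wc in acl:
        if wildcard_match(src, s_net, s_wc) and wildcard_match(dst, d_net, d_wc):
            return action
    return "deny"  # implicit deny ip any any

ANY = ("0.0.0.0", "255.255.255.255")  # IOS keyword "any"
HOST = "0.0.0.0"                        # IOS keyword "host"

# The ACL from the question: block VLAN 2 (10.111.0.0/16) sources, allow the rest.
BAN_VLAN_2 = [
    ("deny", "10.111.0.0", "0.0.255.255", *ANY),
    ("permit", *ANY, *ANY),
]

# Assumed exception hosts (hypothetical addresses): their permit lines must come
# BEFORE the deny, because evaluation stops at the first matching line.
ADMIN_HOSTS = ["10.111.5.10", "10.111.5.11"]
BAN_VLAN_2_WITH_EXCEPTIONS = [
    ("permit", h, HOST, *ANY) for h in ADMIN_HOSTS
] + BAN_VLAN_2

if __name__ == "__main__":
    # A VLAN 2 workstation reaching the SAN in VLAN 1 is blocked ...
    print(evaluate(BAN_VLAN_2, "10.111.4.20", "10.113.0.50"))
    # ... but an excepted admin host gets through.
    print(evaluate(BAN_VLAN_2_WITH_EXCEPTIONS, "10.111.5.10", "10.114.0.9"))
```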