
Proper way to Block Traffic between Lans - VACL & ACL

ElikCyber
Level 1

Hello,

I have been reading up on the VACL and ACL, but I am a little confused about how to properly implement it. Basically, I have a VLAN set up with 10.1.100.0/18 which I am using to set up the local LAN network, but I do not want it to be accessible or seen by the regular network traffic itself at the router and the switches.

So I have been trying to figure out how to properly implement it so that only 2 IPs from the regular network can access the internal LAN itself directly and block everything else to have it hidden. As it is, I can ping or ssh it from a regular IP address, and I consider that a security risk in itself, even if it is on a separate VLAN, but using the same router for managing all the network.

So is anyone able to give a little helpful guide on properly implementing this, so I can use it as a template and get a further understanding of how it is done, so I can devise the proper security model for the internet networks?

1 Reply

Eugene Khabarov
Level 7

VACL is used to filter traffic inside the local LAN (VLAN) and ACL is used to filter traffic between VLANs.

So if you would like to allow only 2 IPs access to your local LAN, you need to implement an outbound ACL on the local-LAN-facing interface.

To block access to the router's interface address in the local LAN, you can implement a VACL on switch ports.

---

HTH. Please rate this post if it was helpful. If this solves your problem, please mark this post as "Correct Answer."
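
The two controls described in the reply above, sketched as a Cisco IOS configuration; this is an added example and not part of the original thread or either poster's configuration. The VLAN number (100), the gateway address (10.1.64.1), the two permitted hosts (192.0.2.10 and 192.0.2.11) and all ACL and access-map names are assumptions to be replaced with real values.

```cisco
! Added example; addresses, names and the VLAN number are assumptions.
! 10.1.100.0/18 sits inside the block 10.1.64.0 to 10.1.127.255,
! so the ACL matches 10.1.64.0 with wildcard 0.0.63.255.
!
! --- Routed ACL: who may reach the local LAN from other networks ---
ip access-list extended LOCAL-LAN-OUT
 remark Two permitted hosts from the regular network (placeholders)
 permit ip host 192.0.2.10 10.1.64.0 0.0.63.255
 permit ip host 192.0.2.11 10.1.64.0 0.0.63.255
 remark Optional: replies to TCP sessions opened from inside the LAN
 permit tcp any 10.1.64.0 0.0.63.255 established
 remark Everything else toward the LAN is dropped and logged
 deny ip any any log
!
interface Vlan100
 description Local LAN gateway (assumed SVI)
 ip access-group LOCAL-LAN-OUT out
!
! --- VACL: keep hosts in the VLAN off the router's address there ---
ip access-list extended TO-LAN-GATEWAY
 remark "permit" here means "matched by the access-map", not "allowed"
 permit ip any host 10.1.64.1
!
vlan access-map LOCAL-LAN-VACL 10
 match ip address TO-LAN-GATEWAY
 action drop
vlan access-map LOCAL-LAN-VACL 20
 action forward
!
vlan filter LOCAL-LAN-VACL vlan-list 100
```

The `established` entry only matches TCP segments with ACK or RST set and keeps no connection state, so remove it if the local LAN never needs to open sessions outward. After applying, `show access-lists` and `show vlan access-map` show the entries and hit counters for checking that only the two permitted hosts get through.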
