Single direction ACL

TechBhole241 · ‎04-13-2024

Good afternoon,

My query related to ACL . If any user want to ACL for single direction apply then how can I apply on interface vlan it will be outbound or inbound. Please help me anybody. Related screenshot I have shared in this post .

Mohan Singh

balaji.bandi · ‎04-13-2024

its all depends on the devices where you apply - Router/ Switch or Firewall

Firewalls are statefull

Router and Switches are stateless.

Single as per your requirement only source can initiate the traffic to outside, (outside can not initiate the traffic back which will be denied.)

example if you like return traffic on router you can use established command to allow already intiated connection inside to outside:

https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-acls-to-permit-only-established-connections-and/ta-p/3127503

more command syntax :

https://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Gopinath_Pigili · ‎04-13-2024

Hello mohansingh2015knp,

Already mentioned......it's besed on where you want to create...Router/Switch(L3) or Firewall.

Based on image you provided...I understand that the requirement to create an Extended ACL. The Extended ACL's should be configured closure to the source. so, You will be needed to impliment on the Source Interface in inbound direction.

Here is the sample configuration:

access-list 101 permit tcp host 10.206.213.131 10.0.0.0 0.255.255.255

access-list 101 permit tcp host 10.206.213.132 10.0.0.0 0.255.255.255

Interface Gigx/x

ip access-group 101 in

Best regards
******* If This Helps, Please Rate *******