06-10-2014 06:47 PM - edited 03-07-2019 07:42 PM
Good Evening,
I am attempting to create an ACL to block all traffic from WorkstationA to WorkstationB but allow everything else through. In this environment I only have rights to modify the configuration on SwitchB which is a 3750x running an IPbase image. I have already given this a few shots but I can't seem to get this one.
Here is an example:
I have tried the following on switch B:
ip access-list extended BLOCKA
 deny ip host 192.168.1.20 any
 permit ip any any
----
(conf int port that WorkstationB resides on)
 ip access-group BLOCKA in
Is there any way to make this work when you only have access to SwitchB in this example?
Thank you in advance!
06-10-2014 07:03 PM
06-10-2014 07:05 PM
Thank you for the reply Najaf. Unfortunately I only have access to configure SwitchB. I have no control over any other devices in the topology. Any other ideas?
06-10-2014 07:39 PM
Sorry,
My mistake. I read it as you having access to router B and not switch B :-(
Since you have your switch configured as L2, your ACL will not have any effect.
06-10-2014 07:05 PM
Hi,
Is switch-B a layer-2 or a layer-3 device?
If it is layer-2, your ACL is not going to block host-A
HTH
06-10-2014 07:10 PM
Thank you for the reply Reza. This 3750x is running IPBase image but is not really performing any Layer 3 functions. It is just hanging off of RouterB which is handling all layer 3.
06-10-2014 10:45 PM
You should use a VLAN ACL (VACL) to achieve the desired result on the switch. Since it is a 3750-X, it supports VACLs.
The config can be as follows:
ip access-list extended BLOCK_A
 permit ip <source> <dest>
ip access-list extended PERMIT_ANY
 permit ip any any
vlan access-map A_To_B 10
 match ip address BLOCK_A
 action drop
vlan access-map A_To_B 20
 match ip address PERMIT_ANY
 action forward
vlan filter A_To_B vlan-list <source VLAN ID>
Reply to me if it solves your issue.
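An added example, not part of any post in this thread: a simplified Python model of first-match ACL evaluation that compares the inbound port ACL from the question with the VLAN access-map from the last reply. Host B's address, the port names `uplink` and `portB`, and the third sample host are assumptions made up for the illustration.

```python
from ipaddress import ip_address, ip_network

HOST_A = "192.168.1.20"   # WorkstationA, from the thread
HOST_B = "192.168.1.30"   # constructed: WorkstationB's address is not given

def net(spec):
    # "any" or a single host address -> network object
    return ip_network("0.0.0.0/0") if spec == "any" else ip_network(spec + "/32")

def acl_match(acl, src, dst):
    """First-match evaluation with the implicit deny at the end."""
    for action, s, d in acl:
        if ip_address(src) in net(s) and ip_address(dst) in net(d):
            return action
    return "deny"

# Port ACL from the question, applied inbound on WorkstationB's port.
BLOCKA = [("deny", HOST_A, "any"), ("permit", "any", "any")]

def port_acl_in(acl, acl_port, ingress_port, src, dst):
    """An inbound port ACL only inspects frames entering on acl_port."""
    if ingress_port != acl_port:
        return "forward"   # ACL is never evaluated for this frame
    return "forward" if acl_match(acl, src, dst) == "permit" else "drop"

# VLAN access-map from the last reply: in a match ACL, "permit" means
# "this sequence matches"; the sequence's action decides drop or forward.
BLOCK_A = [("permit", HOST_A, HOST_B)]
PERMIT_ANY = [("permit", "any", "any")]
A_TO_B = [(10, BLOCK_A, "drop"), (20, PERMIT_ANY, "forward")]

def vlan_map(access_map, src, dst):
    """A VLAN map sees every packet in the VLAN, whatever port it enters on."""
    for _seq, acl, action in sorted(access_map, key=lambda e: e[0]):
        if acl_match(acl, src, dst) == "permit":
            return action
    # IP packet matching no sequence of a map with IP match clauses: dropped
    return "drop"

def demo():
    """Return (src, dst, port-ACL verdict, VLAN-map verdict) per sample flow."""
    flows = [
        ("uplink", HOST_A, HOST_B),          # A -> B arrives via the uplink
        ("portB", HOST_B, HOST_A),           # B -> A enters on B's own port
        ("uplink", "192.168.1.99", HOST_B),  # constructed third host -> B
    ]
    return [(s, d, port_acl_in(BLOCKA, "portB", p, s, d), vlan_map(A_TO_B, s, d))
            for p, s, d in flows]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model the A-to-B flow is forwarded under the port ACL because it never enters on B's port, and dropped under the VLAN map; B-to-A packets are forwarded in both cases, so the access-map as posted blocks one direction only.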