Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
350
Views
0
Helpful
1
Replies

TCP 'established' keyword with SVI interfaces

tedauction
Level 1
Level 1

‎06-07-2017 04:52 PM - edited ‎03-08-2019 10:53 AM

Hello, I am trying to clarify:

I have an SVI inteface and I want to block externally generated traffic coming in to my LAN unless it was originated by internal LAN clients.

Therefore I was going to used the 'established' keyword with an 'inbound' ACL. Do I have my directions correct ?

Thank you kindly.

permit tcp x.x.x.x x.x.x.x. x.x.x.x x.x.x.x  eq x established

Placed on SVI interface:

access-group RestrictTCP inbound

Labels:
0 Helpful
1 Reply 1

Reza Sharifi
Hall of Fame
Hall of Fame

‎06-07-2017 05:47 PM

Hi,

If you are trying to block externally generated traffic coming to this vlan, the acl needs to be applied in outbound direction.  Inbound is used for traffic coming from hosts in the same vlan. 

HTH

0 Helpful
Customers Also Viewed These Support Documents