cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

267
Views
5
Helpful
2
Replies
Highlighted
Beginner

VACLS

Hi Guys,

I want to restrict all host within a VLAN from access each other and I thought I'd setup a VACLS. Can someone please view my config below and see if its ok:

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

ip access-list standard any-host

permit any

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

exit

vlan access-map no-contact-forrestplace 20

match ip address any-host

action forward

exit

vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.

Everyone's tags (1)
2 REPLIES 2

VACLS

ross_rulz wrote:

Hi Guys,

I want to restrict all host within a VLAN from access each other and I thought I'd setup a VACLS. Can someone please view my config below and see if its ok:

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

ip access-list standard any-host

permit any

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

exit

vlan access-map no-contact-forrestplace 20

match ip address any-host

action forward

exit

vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.

Hello Ross,

Try the below config and apply this to vlan 21

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

vlan access-map no-contact-forrestplace 20

action forward

vlan filter no-contact-forrestplace vlan-list 21

Hope to Help !!

Ganesh

Beginner

VACLS

Yow might want to allow hosts to communicate with default gateway in same subnet.

HTH

Shijo George

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards