VACLS

ross_rulz · ‎07-10-2012

Hi Guys,

I want to restrict all host within a VLAN from access each other and I thought I'd setup a VACLS. Can someone please view my config below and see if its ok:

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

ip access-list standard any-host

permit any

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

exit

vlan access-map no-contact-forrestplace 20

match ip address any-host

action forward

exit

vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.

Ganesh Hariharan · ‎07-11-2012

ross_rulz wrote:

Hi Guys,

I want to restrict all host within a VLAN from access each other and I thought I'd setup a VACLS. Can someone please view my config below and see if its ok:

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

ip access-list standard any-host

permit any

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

exit

vlan access-map no-contact-forrestplace 20

match ip address any-host

action forward

exit

vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.

Hello Ross,

Try the below config and apply this to vlan 21

ip access-list extended no-contact-forrestplace

permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255

vlan access-map no-contact-forrestplace 10

match ip address no-contact-forrestplace

action drop

vlan access-map no-contact-forrestplace 20

action forward

vlan filter no-contact-forrestplace vlan-list 21

Hope to Help !!

Ganesh

shijogeorge · ‎07-11-2012

Yow might want to allow hosts to communicate with default gateway in same subnet.

HTH

Shijo George