VACL to limit communication between devices in the same VLAN?

darrenriley5
Level 1

hi,

Could I use a VACL to deny two devices in the same VLAN, connected to the same switch (65000), from communicating with each other, while permitting communication between all other devices in that VLAN?

Thanks

Darren

Accepted Solution

Jon Marshall
Hall of Fame

darrenriley5 wrote:

hi,

Could I use a VACL to deny two devices in the same VLAN, connected to the same switch (65000), from communicating with each other, while permitting communication between all other devices in that VLAN?

Thanks

Darren

! ACL 101 must PERMIT the traffic that sequence 10 is meant to drop: a VLAN
! access-map sequence matches only packets the referenced ACL permits, so deny
! ACEs here would not match and the traffic would fall through to sequence 20.
access-list 101 permit ip host 192.168.5.10 host 192.168.5.11
access-list 101 permit ip host 192.168.5.11 host 192.168.5.10
access-list 102 permit ip any any
vlan access-map vfilter 10
 match ip address 101
 action drop
vlan access-map vfilter 20
 match ip address 102
 action forward
! Apply the map to the VLAN the two hosts sit in (replace <VLAN-ID>)
vlan filter vfilter vlan-list <VLAN-ID>

Jon


Hi

A VLAN ACL is not the same as an access list.

A VLAN ACL is not associated with any interface, and the behaviour of a VLAN ACL is different from an access list.

A VLAN ACL can drop the traffic that passes through the switch, and create a sequence to pass the rest of the traffic.

We can't create an ACL that says permit 2 users and deny 10 users. It won't work. You have to define which user should be dropped.

So to work properly you should define the correct access list.

It is the same as a route-map, where you match the access list and define whether that traffic will be dropped, forwarded or redirected.

For more detail you can refer to the link below:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_vlanacls.pdf

Regards

Chetan Kumar
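To make the point concrete that the ACL referenced by a VLAN access-map sequence must permit the traffic you want to act on, here is a small Python model of access-map evaluation. It is an added illustration, not code from this thread or from Cisco; the host addresses and sequence numbers mirror the configuration above, and the evaluation order (first permitting sequence wins, implicit drop at the end of the map) is a constructed simplification of the Catalyst behaviour.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Constructed model of VLAN access-map evaluation (added example, not Cisco code).
# An ACE is (permit?, src, dst); "any" matches every address.
Ace = Tuple[bool, str, str]


@dataclass
class Sequence:
    acl: List[Ace]      # the ACL referenced by "match ip address"
    action: str         # "drop" or "forward"


def acl_permits(acl: List[Ace], src: str, dst: str) -> bool:
    """IOS ACL lookup: the first matching ACE decides; implicit deny at the end."""
    for permit, a_src, a_dst in acl:
        if a_src in ("any", src) and a_dst in ("any", dst):
            return permit
    return False


def vacl_action(access_map: List[Sequence], src: str, dst: str) -> str:
    """A sequence matches only if its ACL *permits* the packet; a deny ACE or
    no matching ACE means 'try the next sequence'. If no sequence matches,
    the access map drops the packet (implicit deny at the end of the map)."""
    for seq in access_map:
        if acl_permits(seq.acl, src, dst):
            return seq.action
    return "drop"


# Variant with deny ACEs in ACL 101: sequence 10 never matches anything,
# so the two hosts fall through to sequence 20 and are forwarded.
DENY_VARIANT = [
    Sequence([(False, "192.168.5.10", "192.168.5.11"),
              (False, "192.168.5.11", "192.168.5.10")], "drop"),
    Sequence([(True, "any", "any")], "forward"),
]

# Correct form: ACL 101 permits the host pair so that sequence 10 can drop it.
PERMIT_VARIANT = [
    Sequence([(True, "192.168.5.10", "192.168.5.11"),
              (True, "192.168.5.11", "192.168.5.10")], "drop"),
    Sequence([(True, "any", "any")], "forward"),
]

if __name__ == "__main__":
    for name, amap in (("deny ACEs", DENY_VARIANT), ("permit ACEs", PERMIT_VARIANT)):
        print(name, ".10 -> .11:", vacl_action(amap, "192.168.5.10", "192.168.5.11"))
        print(name, ".10 -> .20:", vacl_action(amap, "192.168.5.10", "192.168.5.20"))
```

Running it shows the deny variant forwarding the .10/.11 pair while the permit variant drops it, and a third host still being forwarded in both cases.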
