ACL applying over VLAN

Alok_Shukla
New Contributor III
We have three VLANs, all with inter-VLAN routing.
VLAN-1= 10.3.1.0
VLAN-2= 10.3.2.0
VLAN-3= 10.3.5.0
My boss wants VLAN-2 and VLAN-3 not to communicate with VLAN-1, so we implemented a policy to disable traffic forwarding to VLAN-1.

[attached image: the policy that was applied]

After applying this policy on VLAN-1 in the ingress direction, VLAN-2 and VLAN-3 are not communicating.

I want VLAN-2 and VLAN-3 to communicate with each other.


Jarek
New Contributor II
Hi,

you have:

- VLAN-1= 10.3.1.0/24
- VLAN-2= 10.3.2.0/24
- VLAN-3= 10.3.5.0/24

and you want to block traffic from VLAN-2 to VLAN-1,
then you should apply an ACL on VLAN-2 on ingress like below:

entry V1_block {
    if match all {
        destination-address 10.3.1.0/24;
    } then {
        count traffic_to_v1;
        deny;
    }
}

A similar entry will do for VLAN-3.

--
Jarek
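To check what an entry like the one above does before binding it, here is an added example (not from the reply or from any vendor tool) that parses the policy text, applies it on the ingress VLAN as suggested, and evaluates sample flows; the implicit permit for unmatched traffic and the VLAN names are assumptions. It also shows why a stateless ACL ends up blocking both directions of a conversation, since the reply from VLAN-2 is dropped even when the request from VLAN-1 is allowed in.

```python
import ipaddress
import re
# Constructed policy text, in the form of the entry shown in the reply above.
POLICY_TEXT = """
entry V1_block { if match all {
destination-address 10.3.1.0/24;
} then {
count traffic_to_v1;
deny;
}}
"""

ENTRY_RE = re.compile(
    r"entry\s+(\w+)\s*\{\s*if\s+match\s+(all|any)\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}",
    re.S,
)

def parse_policy(text):
    """Parse entries into (name, mode, {condition: network}, [actions])."""
    entries = []
    for name, mode, conds, acts in ENTRY_RE.findall(text):
        matches = {k: ipaddress.ip_network(v.strip(), strict=False)
                   for k, v in re.findall(r"([\w-]+)\s+([^;]+);", conds)}
        actions = [a.strip() for a in acts.split(";") if a.strip()]
        entries.append((name, mode, matches, actions))
    return entries

def evaluate(entries, src, dst):
    """First matching entry decides; unmatched traffic is permitted (assumed implicit permit)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _name, mode, matches, actions in entries:
        checks = []
        if "source-address" in matches:
            checks.append(src in matches["source-address"])
        if "destination-address" in matches:
            checks.append(dst in matches["destination-address"])
        if all(checks) if mode == "all" else any(checks):
            return "deny" if "deny" in actions else "permit"
    return "permit"

def flow_allowed(acls, ingress_vlan, src, dst):
    """Apply only the ACL bound to the VLAN the packet enters on (ingress direction)."""
    return evaluate(acls.get(ingress_vlan, []), src, dst) == "permit"

def conversation_allowed(acls, vlan_a, host_a, vlan_b, host_b):
    """A stateless ACL judges each direction on its own: the reply must pass too."""
    return (flow_allowed(acls, vlan_a, host_a, host_b)
            and flow_allowed(acls, vlan_b, host_b, host_a))
# Bind the same entry on VLAN-2 and VLAN-3 ingress, as the reply suggests; VLAN-1 stays unfiltered.
ACLS = {"VLAN-2": parse_policy(POLICY_TEXT), "VLAN-3": parse_policy(POLICY_TEXT)}
```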

Andre_Brits_Kan
Contributor II
An easier option would be to disable IP forwarding for VLAN 1.

I don't get you. If VLAN 2 and VLAN 3 should be able to use the uplink, but the uplink-connected hosts should not reach VLAN 2 and 3, you need a firewall. If VLAN 2 and VLAN 3 should not reach the uplink, just disable ipforwarding for VLAN 1, because there is no need for it.

As VLAN-1 is used for the uplink, but VLAN-2 and VLAN-3 users should communicate.