I have multiple VLANs where I want to allow routing all VLANs to/from one particular special VLAN, but I do not want to route traffic between the "normal" VLANs.

Try this part:

...
entry EverythingElse {
  if match all {
    source-address 0.0.0.0/0;
  }
  then {
    deny;
    count Deny;
  }
}

I just finished fighting a similar issue. Without specifying "source anywhere", it denies everything.

In my case I have multiple VLANs where I want to allow routing all VLANs to/from one particular special VLAN, but I do not want to route traffic between the "normal" VLANs.

I'll start a thread on that...
Note: This topic was created from a reply on the static ACL question - block traffic vlan1 to vlan2 with exceptions topic.
Frank

Posted 4 years ago

Paul Russo, Alum
Official Response
Hello Frank

The ACLs in XOS have an implicit permit, not an implicit deny, so adding your final entry is needed to make sure that all traffic is dropped unless it is explicitly permitted in the other entries.

Not sure if that is answering your question, so if you can provide more information we can look it over.

Thanks
P
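Putting the two posts together, here is an added example of what a complete policy for one of the "normal" VLANs could look like, with Frank's deny-all entry last because of the implicit permit Paul describes. It is not code from either poster or from Extreme. The policy name normal_vlan_users, the VLAN name users, the subnets 10.0.10.0/24 (a normal VLAN) and 10.0.100.0/24 (the special VLAN) and the counter names are all assumptions, and it assumes the policy file accepts # comment lines.

```exos
# normal_vlan_users.pol  (hypothetical file name)
# Applied on the ingress of VLAN "users" (10.0.10.0/24).
# Entries are evaluated first match wins; anything not matched
# by an entry is permitted by XOS, hence the final deny entry.

# A VLAN ingress ACL also sees switched traffic that stays
# inside the VLAN, so keep same-subnet traffic flowing.
entry permit_local {
  if match all {
    destination-address 10.0.10.0/24;
  }
  then {
    permit;
    count PermitLocal;
  }
}

# Hosts doing DHCP send to the limited broadcast address,
# which is outside every subnet above.
entry permit_broadcast {
  if match all {
    destination-address 255.255.255.255/32;
  }
  then {
    permit;
    count PermitBroadcast;
  }
}

# The one VLAN every normal VLAN may reach.
entry permit_to_special {
  if match all {
    destination-address 10.0.100.0/24;
  }
  then {
    permit;
    count PermitSpecial;
  }
}

# Other normal VLANs and anything else: drop and count.
entry EverythingElse {
  if match all {
    source-address 0.0.0.0/0;
  }
  then {
    deny;
    count Deny;
  }
}
```

Apply it with `configure access-list normal_vlan_users vlan users ingress`, and make one such policy per normal VLAN with that VLAN's own subnet in the first entry. The special VLAN needs no policy of its own: with nothing applied, the implicit permit lets its traffic reach every normal VLAN, and because these ACLs are stateless that is also what lets replies from the special VLAN back to users through. Watch the Deny counter with `show access-list counter` while testing to see which traffic is hitting the catch-all.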