ACL for applying over VLAN

Alok_Shukla
New Contributor III
We have 4 VLANs on the Core Switch (MLAG configured):
VLAN 1: 10.3.1.0
VLAN 2: 10.3.2.0
VLAN 3: 10.3.3.0
VLAN 4: 10.3.4.0

We don't want VLAN-3 and VLAN-2 to communicate with VLAN-1.
But VLAN-2 and VLAN-3 should communicate with each other.
Please help me with which ACL should be applied.

Aman
New Contributor II
Hi Alok,

You can deny the traffic from VLAN 2 & VLAN 3 to VLAN 1.

entry Vlan_2 {
    if match all {
        source-address 10.3.2.0/24;
        destination-address 10.3.1.0/24;
    }
    then {
        count Corp_Vlan_2;
        deny;
    }
}
entry Vlan_3 {
    if match all {
        source-address 10.3.3.0/24;
        destination-address 10.3.1.0/24;
    }
    then {
        count Corp_Vlan_Traffic2;
        deny;
    }
}
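
The following is an added example, not code from this thread or from the switch vendor: a small Python model of the two entries above, evaluated with first-match semantics and an assumed implicit permit for unmatched traffic, run over constructed sample flows so the intended isolation can be checked before the policy is applied. It also flags flows touching the VLAN 1 subnet that no deny entry covers (traffic initiated from VLAN 1 itself), which the two ingress entries above do not match.

```python
import ipaddress

# Constructed model of the two ACL entries from the reply above, as applied on
# ingress of VLAN 2 and VLAN 3. First match wins; no match means permit
# (assumed to mirror the switch's ACL behaviour).
POLICY = [
    {"name": "Vlan_2", "src": "10.3.2.0/24", "dst": "10.3.1.0/24", "action": "deny"},
    {"name": "Vlan_3", "src": "10.3.3.0/24", "dst": "10.3.1.0/24", "action": "deny"},
]

# Constructed sample flows covering the VLAN pairs the question cares about.
FLOWS = [
    ("10.3.2.10", "10.3.1.10"),  # VLAN 2 -> VLAN 1: should be denied
    ("10.3.3.10", "10.3.1.10"),  # VLAN 3 -> VLAN 1: should be denied
    ("10.3.2.10", "10.3.3.10"),  # VLAN 2 -> VLAN 3: should be permitted
    ("10.3.3.10", "10.3.2.10"),  # VLAN 3 -> VLAN 2: should be permitted
    ("10.3.1.10", "10.3.2.10"),  # VLAN 1 -> VLAN 2: not matched by these entries
]


def evaluate(policy, src_ip, dst_ip):
    """Return (action, entry_name) for one flow; implicit permit when nothing matches."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for entry in policy:
        if src in ipaddress.ip_network(entry["src"]) and dst in ipaddress.ip_network(entry["dst"]):
            return entry["action"], entry["name"]
    return "permit", None


def connectivity_report(policy=POLICY, flows=FLOWS):
    """Map 'src->dst' to the action the policy takes for each sample flow."""
    return {f"{s}->{d}": evaluate(policy, s, d)[0] for s, d in flows}


def uncovered_flows(policy=POLICY, flows=FLOWS, isolated_net="10.3.1.0/24"):
    """Flows that touch the isolated subnet but are still permitted by the policy."""
    isolated = ipaddress.ip_network(isolated_net)
    uncovered = []
    for s, d in flows:
        touches = ipaddress.ip_address(s) in isolated or ipaddress.ip_address(d) in isolated
        if touches and evaluate(policy, s, d)[0] == "permit":
            uncovered.append((s, d))
    return uncovered


if __name__ == "__main__":
    for flow, action in connectivity_report().items():
        print(f"{flow}: {action}")
    for s, d in uncovered_flows():
        print(f"no deny entry covers {s} -> {d}; a matching entry on the VLAN 1 side is needed to block that direction")
```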

Alok_Shukla
New Contributor III
Thanks Aman.
This ACL is applied in the ingress direction.

Mel78__CISSP__E
New Contributor III
The most straightforward way to do this is using a VRF.