cancel
Showing results for 
Search instead for 
Did you mean: 

S Series Inbound Port Policy Deny Subnet

S Series Inbound Port Policy Deny Subnet

Walt_Witkowski
New Contributor II

We are routing multiple networks with S-Series routers.  Multiple networks inbound on a trunk port from closet switches.  At one point we set policies on the closet switch ports to deny destination ip range access.  EX.  Student Vlan defined port was manually assigned a policy to deny access to certain ip ranges (Employee vlans).  This can be troublesome because of the amount of moves and changes that take place in our environment at the closet level. We would like to do something similar on the S-Series core inbound trunk ports but by vlan definition?    But in this case its a trunk port so we want to deny the student subnet access to the employee range but not all traffic.   .

1 REPLY 1

Zdeněk_Pala
Valued Contributor III

On S-series you should be able to use source IP mapping to Policy Role:

ed258e41dbad4ceda2d78cd9099ed490_e3d5d857-1411-4bab-b5ce-359c075d4726.png

 

Then in rules you can define your actions…

 

Z.

Regards Zdeněk Pala
GTM-P2G8KFN