
Basic ACL Help with EOS on a SSA 150


New Contributor II

Due to a company policy I have to use an SSA 150 as a central routing and switching system with NAT and a basic firewall.

I have created static and dynamic NAT rules and everything works fine. Now I have to secure the server VLAN with an ACL.

I'm not very familiar with ACLs, and perhaps you can help me with an example:

Config:

Internal Network : 5 VLANS with 172.16.X.0 /24

Public Network : 195.37.81 /24 (Example )

VLAN 30 for the Server :

I need an ACL for VLAN 30 which contains the following:

- Rule 1: everybody from the internal network can access everything in VLAN 30

Permit ip any ( correct ? )

- Rule 3: all other public IPs can access VLAN 30 (static NAT rules)

Permit ip any

- Rule 3: all from the outside world can access the webserver on port 80 on Host


- Rule 4: only Host (example) can access port 3389 on Host


Of course I need a bunch of rules like 3 or 4, but with one example from you I could complete this.

Many thanks for the help


New Contributor II
Thanks. Meanwhile I have read something about the difference between inbound and outbound access lists. I have a mental block about this; perhaps I will find a doc that describes it absolutely clearly.

Extreme Employee
Assuming the ACL is outbound on VLAN 30, then the first rules are correct.

To permit all hosts on port 80 to one server:
permit tcp any host eq 80

For a specific host:
permit tcp Host Host eq 3389

Use the following article for guidance.