ACL one way
‎04-14-2016 07:53 AM
Hello,
I need to create an access list based on source and destination subnet IP, applied on a VLAN interface. The ACL works fine when we need to block all traffic, but when we try to block the traffic in one direction, like a reflexive ACL in Cisco, it doesn't work. Here is my ACL:
entry DenyInterVlanRouting {
    if match all {
        source-address 10.10.1.110/32;
        destination-address 10.10.128.245/32;
    }
    then {
        deny;
    }
}
I want to block only from 10.10.1.110 to 10.10.128.245 and allow in the return path.
‎06-15-2023 02:16 AM
Hi, did you find a way to solve this issue?
Giuseppe
‎04-14-2016 09:30 AM
Can I make inter-VLAN isolation, I mean block communication using VLAN ID with some exceptions?
‎04-14-2016 09:22 AM
Ping might not work because you are blocking the return traffic.
I prefer you open a case with TAC.
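The behaviour the original poster describes (a single deny entry from 10.10.1.110 to 10.10.128.245 that is supposed to leave the "return path" open) and the reply above about the return traffic being blocked both come down to the same property: the ACL is evaluated per packet with no memory of which side started the conversation. The following is an added example, not code from the thread or from the switch vendor. It is a toy evaluator written here to trace the posted entry against constructed packet sequences; the first-match / default-permit semantics, the `tcp_flags` matcher and the host names are assumptions of this model.

```python
# Added example: a toy stateless ACL evaluator that reproduces the behaviour of
# the posted DenyInterVlanRouting entry. Evaluation order, default-permit and the
# tcp_flags matcher are assumptions of this model, not vendor code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

A = "10.10.1.110"      # host whose traffic towards B should be blocked (from the post)
B = "10.10.128.245"    # host that must still be able to reach A (from the post)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                          # "tcp" or "icmp"
    tcp_flags: frozenset = frozenset()  # e.g. {"syn"}, {"syn", "ack"}, {"ack"}


@dataclass(frozen=True)
class Entry:
    """One 'entry NAME { if match all { ... } then { permit|deny } }' block."""
    name: str
    action: str                         # "permit" or "deny"
    source: str = "0.0.0.0/0"
    destination: str = "0.0.0.0/0"
    proto: Optional[str] = None         # None = any protocol
    tcp_flags: frozenset = frozenset()  # all listed flags must be set (assumed semantics)

    def matches(self, pkt: Packet) -> bool:
        if ip_address(pkt.src) not in ip_network(self.source):
            return False
        if ip_address(pkt.dst) not in ip_network(self.destination):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.tcp_flags and not self.tcp_flags <= pkt.tcp_flags:
            return False
        return True


def evaluate(policy, pkt, default="permit"):
    """First matching entry wins. A stateless ACL looks at each packet on its
    own: it has no memory of which side opened the conversation.
    Default-permit when nothing matches is an assumption of this model."""
    for entry in policy:
        if entry.matches(pkt):
            return entry.action, entry.name
    return default, None


def trace(policy, packets):
    """Action taken for each packet of a constructed sequence, in order."""
    return [evaluate(policy, p)[0] for p in packets]


# The entry exactly as posted: deny A -> B, nothing else.
POSTED = [Entry("DenyInterVlanRouting", "deny", f"{A}/32", f"{B}/32")]

# Constructed packet sequences.
PING_A_TO_B = [Packet(A, B, "icmp"), Packet(B, A, "icmp")]   # echo request, echo reply
HANDSHAKE_B_TO_A = [                                          # B opens a TCP session to A
    Packet(B, A, "tcp", frozenset({"syn"})),
    Packet(A, B, "tcp", frozenset({"syn", "ack"})),           # A's reply travels A -> B
    Packet(B, A, "tcp", frozenset({"ack"})),
]
HANDSHAKE_A_TO_B = [Packet(A, B, "tcp", frozenset({"syn"}))]  # A tries to open a session to B

# A stateless approximation of "allow the return path": let A -> B TCP packets through
# only when they carry ACK (they belong to a session somebody already started), then deny.
# Caveat: this is not a reflexive ACL; an A -> B packet with ACK set passes regardless of
# whether B ever opened anything, and it does nothing for ICMP or UDP.
ESTABLISHED_ONLY = [
    Entry("AllowReturnToB", "permit", f"{A}/32", f"{B}/32", proto="tcp",
          tcp_flags=frozenset({"ack"})),
    Entry("DenyInterVlanRouting", "deny", f"{A}/32", f"{B}/32"),
]

if __name__ == "__main__":
    print("posted policy, A pings B:        ", trace(POSTED, PING_A_TO_B))
    print("posted policy, B opens TCP to A: ", trace(POSTED, HANDSHAKE_B_TO_A))
    print("established-only, B opens TCP:   ", trace(ESTABLISHED_ONLY, HANDSHAKE_B_TO_A))
    print("established-only, A opens TCP:   ", trace(ESTABLISHED_ONLY, HANDSHAKE_A_TO_B))
```

Under the posted entry the B-initiated handshake traces as permit, deny, permit: B's SYN gets through, but A's SYN-ACK is an A-to-B packet and hits the deny, so B cannot actually talk to A either. The established-only variant lets that SYN-ACK through while still dropping a fresh SYN from A, which is as close as a per-packet ACL gets to the Cisco reflexive behaviour the post asks about; anything that needs real session tracking belongs on a stateful device.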
‎04-14-2016 09:16 AM
For your question, my goal is to block traffic from 10.10.10.58 to 10.10.128.20 and allow 10.10.128.20 to 10.10.10.58. I can ping between them when there is no ACL; this is how I validate that traffic is forwarded in the switch.
I tried to make a second ACL to permit ingress traffic on the VLAN 128 interface, but it is still blocked.
