ACL applying over VLAN
‎03-13-2018 05:26 AM
We have three VLANs, all with inter-VLAN routing.
VLAN-1= 10.3.1.0
VLAN-2= 10.3.2.0
VLAN-3= 10.3.5.0
My boss wants VLAN-2 and VLAN-3 not to communicate with VLAN-1, so we implemented a policy to disable traffic forwarding to VLAN-1.
After applying this policy on VLAN-1 in the ingress direction, VLAN-2 and VLAN-3 are not communicating.
I want VLAN-2 and VLAN-3 to communicate with each other.
7 REPLIES
‎03-13-2018 10:41 AM
Hi,
you have:
- VLAN-1= 10.3.1.0/24
- VLAN-2= 10.3.2.0/24
- VLAN-3= 10.3.5.0/24
and you want to block traffic from VLAN-2 to VLAN-1
then you should apply an ACL on VLAN-2 on ingress like below:
entry V1_block {
    if match all {
        destination-address 10.3.1.0/24;
    } then {
        count traffic_to_v1;
        deny;
    }
}
A similar entry applies for VLAN-3.
--
Jarek
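To make the first-match and implicit-permit behaviour of Jarek's policy concrete, here is an added Python model; it is not EXOS code and not part of the original thread. It evaluates the V1_block entry on VLAN-2 and VLAN-3 ingress against constructed sample flows. The per-VLAN ingress application it models corresponds to an EXOS command of the form `configure access-list V1_block vlan VLAN-2 ingress` (quoted from memory; confirm against your release's command reference). It assumes, as EXOS policies do, that a packet matching no entry is permitted, and it checks both directions of every flow because an ACL is stateless: the deny on VLAN-2 ingress stops replies towards VLAN-1 and so breaks any session between the two, but a host in VLAN-1 can still push unsolicited packets into VLAN-2 until a mirrored deny is applied on VLAN-1 ingress (shown as the second policy set, `INGRESS_BOTH`, an assumed extension of Jarek's answer).

```python
from ipaddress import ip_address, ip_network

# Constructed topology from the thread: one /24 per VLAN.
VLANS = {
    "VLAN-1": ip_network("10.3.1.0/24"),
    "VLAN-2": ip_network("10.3.2.0/24"),
    "VLAN-3": ip_network("10.3.5.0/24"),
}


def vlan_of(addr):
    """Return the VLAN whose subnet contains addr, i.e. a packet's ingress VLAN."""
    a = ip_address(addr)
    for name, net in VLANS.items():
        if a in net:
            return name
    raise ValueError(f"{addr} is in no known VLAN")


def entry(name, action, src=None, dst=None):
    """One policy entry with 'match all' semantics on optional source/destination prefixes."""
    return {
        "name": name,
        "action": action,
        "src": ip_network(src) if src else None,
        "dst": ip_network(dst) if dst else None,
    }


def evaluate(policy, src, dst):
    """First matching entry wins. A packet matching no entry is permitted;
    this models the implicit permit at the end of an EXOS ACL policy (assumption)."""
    s, d = ip_address(src), ip_address(dst)
    for e in policy:
        if (e["src"] is None or s in e["src"]) and (e["dst"] is None or d in e["dst"]):
            return e["action"], e["name"]
    return "permit", "<implicit>"


def forward(ingress_acls, src, dst):
    """Apply the ingress policy of the packet's source VLAN, as a per-VLAN
    ingress ACL does on the switch, and return permit/deny for that packet."""
    policy = ingress_acls.get(vlan_of(src), [])
    return evaluate(policy, src, dst)[0]


def session_allowed(ingress_acls, a, b):
    """A session needs request and reply to pass; an ACL is stateless,
    so each direction is checked on its own."""
    return (forward(ingress_acls, a, b) == "permit"
            and forward(ingress_acls, b, a) == "permit")


# Jarek's policy: deny anything destined for VLAN-1, applied on VLAN-2 and VLAN-3 ingress.
V1_BLOCK = [entry("V1_block", "deny", dst="10.3.1.0/24")]
INGRESS = {"VLAN-2": V1_BLOCK, "VLAN-3": V1_BLOCK}

# Assumed mirror policy on VLAN-1 ingress, closing the one-way path VLAN-1 -> VLAN-2/3.
V23_BLOCK = [
    entry("V2_block", "deny", dst="10.3.2.0/24"),
    entry("V3_block", "deny", dst="10.3.5.0/24"),
]
INGRESS_BOTH = {"VLAN-1": V23_BLOCK, "VLAN-2": V1_BLOCK, "VLAN-3": V1_BLOCK}


def report(ingress_acls):
    """Evaluate a constructed set of flows and return {flow: verdict}."""
    flows = [
        ("10.3.2.10", "10.3.1.10"),   # VLAN-2 -> VLAN-1, should be denied
        ("10.3.5.10", "10.3.1.10"),   # VLAN-3 -> VLAN-1, should be denied
        ("10.3.2.10", "10.3.5.10"),   # VLAN-2 -> VLAN-3, must stay permitted
        ("10.3.1.10", "10.3.2.10"),   # VLAN-1 -> VLAN-2, only blocked by the mirror policy
    ]
    return {f"{s}->{d}": forward(ingress_acls, s, d) for s, d in flows}


if __name__ == "__main__":
    for label, acls in (("V1_block only", INGRESS), ("with mirror on VLAN-1", INGRESS_BOTH)):
        print(label)
        for flow, verdict in report(acls).items():
            print(f"  {flow}: {verdict}")
        print("  VLAN-2 <-> VLAN-3 session:", session_allowed(acls, "10.3.2.10", "10.3.5.10"))
        print("  VLAN-1 <-> VLAN-2 session:", session_allowed(acls, "10.3.1.10", "10.3.2.10"))
```

With only V1_block in place, the VLAN-2 to VLAN-3 flow is permitted in both directions, both VLANs are denied towards VLAN-1, and no session between VLAN-1 and VLAN-2 can complete, which is what the original poster asked for. The report also shows the stateless gap (a single packet from VLAN-1 into VLAN-2 is still permitted) and that the mirrored entries on VLAN-1 ingress close it.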
‎03-13-2018 05:52 AM
An easier option would be to disable IP forwarding for VLAN 1.
‎03-13-2018 05:52 AM
I don't get you. If VLAN 2 and VLAN 3 should be able to use the uplink, but the uplink-connected hosts should not reach VLAN 2 and 3, you need a firewall. If VLAN 2 and VLAN 3 should not reach the uplink, just disable IP forwarding for VLAN 1, because there is no need for it.
‎03-13-2018 05:52 AM
As VLAN-1 is used for the uplink, but VLAN-2 and VLAN-3 users should communicate.