This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Question about dynamic ACL

Question about dynamic ACL

EtherNation_Use
Contributor II

‎01-07-2014 10:50 PM

Create Date: Jul 17 2012 6:36AM

Hi experts, I want to implement ACL in my work but I have a problem. I have 3 VLANs :

vlan 4 : administrative users
vlan 5: call center users
vlan 10 : servers

I want to block traffic from vlan 5 to vlan 4, but I dont want to block traffic from vlan 4 to vlan 5.

I did 2 dynamic ACL :

entry BlockTCP-to-172.17.4.0 {
if {
destination-address 172.17.4.0/24;
protocol tcp;
} then {
deny true;
}
}

entry BlockUDP-to-172.17.4.0 {
if {
destination-address 172.17.4.0/24;
protocol udp;
} then {
deny true;
}
}

These dynamic ACL, I applied to vlan 5 but the traffic is blocked in both directions.

Can anyone help me?

Sorry for my bad english language.

Regards

JL (from jonatan_lezcano)
0 Kudos
2 REPLIES 2

EtherNation_Use
Contributor II

‎01-07-2014 10:50 PM

Create Date: Jul 18 2012 3:58PM

Why don't you just go ahead and disable ipforwarding between the VLANs.

di ipforwarding (from Arpit_Bhatt)
0 Kudos

EtherNation_Use
Contributor II

‎01-07-2014 10:50 PM

Create Date: Jul 18 2012 8:52AM

Hi johnadq,

try this:
entry BlockTCP-to-172.17.4.0
{if
{destination-address 172.17.4.0/24;
protocol tcp;
tcp-flags syn;
}
then
{
deny;
}
}

--
Jarek (from Jaroslaw_Kasjaniuk)
0 Kudos
GTM-P2G8KFN