Need help with a VACL

Unanswered Question
Aug 5th, 2009
User Badges:

I have 6 locations connected by WAN links. At each location I have a like VLan-VLan 8. I want these VLan's to talk only to each other.

Following is what I came up with-I'm new at this VACL thing so ...

Router(config)# Extended IP access list WM_8

permit ip any

permit ip any

permit ip any

permit ip any

permit ip any

permit ip any

Router(config)# vlan access-map Kiosk WM_8

Router(config-access-map)# match ip address WM_8

Router(config-access-map)# action forward

Router(config-access-map)# exit

Router(config)# vlan filter kiosk vlan-list 8

My question is this what is needed at each location. I assume that at each location I would leave out its corresponding VLan IP. But other than that is this right??

Any help much appreciated.

Does this make sense.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Wed, 08/05/2009 - 11:16
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


"Does this make sense."

Not really no :-)

Are you trying to restrict traffic within a vlan or between vlans. If between vlans which from your description it sounds like you are trying to then you don't use VACLs as these are generally used to restrict traffic within the same vlan.

You need to use standard RACLs (Router acls).

So at each site you have a vlan 8. You only want vlan 8 at each site to be able to communicate with other vlan 8s at the other sites and nowhere else. Is this correct ?

If so can you specify what devices you are using to route the vlans at each site - is it a L3 switch ?



This Discussion