Need help with a VACL

Unanswered Question
Aug 5th, 2009

I have 6 locations connected by WAN links. At each location I have a like VLAN - VLAN 8. I want these VLANs to talk only to each other.

Following is what I came up with - I'm new at this VACL thing so ...

Router(config)# Extended IP access list WM_8
permit ip 10.33.8.0 0.255.255.255 any
permit ip 10.34.8.0 0.255.255.255 any
permit ip 10.38.8.0 0.255.255.255 any
permit ip 10.50.8.0 0.255.255.255 any
permit ip 10.63.8.0 0.255.255.255 any
permit ip 10.32.8.0 0.255.255.255 any
Router(config)# vlan access-map Kiosk WM_8
Router(config-access-map)# match ip address WM_8
Router(config-access-map)# action forward
Router(config-access-map)# exit
Router(config)# vlan filter kiosk vlan-list 8

My question is: is this what is needed at each location? I assume that at each location I would leave out its corresponding VLAN IP. But other than that, is this right??

Any help much appreciated.

Does this make sense.

Jon Marshall Wed, 08/05/2009 - 11:16

Stuart

"Does this make sense."

Not really no :-)

Are you trying to restrict traffic within a VLAN or between VLANs? If between VLANs, which from your description it sounds like you are trying to do, then you don't use VACLs, as these are generally used to restrict traffic within the same VLAN.

You need to use standard RACLs (Router ACLs).

So at each site you have a VLAN 8. You only want VLAN 8 at each site to be able to communicate with other VLAN 8s at the other sites and nowhere else. Is this correct?

If so, can you specify what devices you are using to route the VLANs at each site - is it an L3 switch?

Jon
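Added example, not part of the original thread: a short Python check of which source addresses the wildcard masks in the posted ACL match under IOS wildcard semantics (a 1 bit in the mask means "ignore this bit"). The /24 size assumed for each VLAN 8 subnet, the TIGHT list and the sample source addresses are constructed for the illustration.

```python
import ipaddress

SITES = ["10.33.8.0", "10.34.8.0", "10.38.8.0",
         "10.50.8.0", "10.63.8.0", "10.32.8.0"]

# Entries as posted in the question: (address, wildcard mask).
POSTED = [(net, "0.255.255.255") for net in SITES]
# Assumption: each VLAN 8 subnet is a /24, so the wildcard would be 0.0.0.255.
TIGHT = [(net, "0.0.0.255") for net in SITES]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr, wildcard, candidate):
    """True if candidate matches addr on every bit the wildcard does not ignore."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(candidate) & care)


def matched_network(addr, wildcard):
    """Network covered by a contiguous wildcard mask, or None if discontiguous."""
    w = _to_int(wildcard)
    if w & (w + 1):  # contiguous masks look like 0...01...1
        return None
    prefix = 32 - w.bit_length()
    base = _to_int(addr) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix))


def acl_permits(entries, src):
    """First-match permit on source address; no match means implicit deny."""
    return any(wildcard_match(a, w, src) for a, w in entries)


if __name__ == "__main__":
    for addr, wc in POSTED:
        print(f"{addr} {wc} -> matches sources in {matched_network(addr, wc)}")
    # Constructed sample sources: a VLAN 8 host, a host in another 10.x subnet,
    # and a host outside 10.0.0.0/8.
    for src in ["10.50.8.7", "10.33.9.20", "192.168.1.1"]:
        print(src, "posted:", acl_permits(POSTED, src),
              "tight:", acl_permits(TIGHT, src))
```

With the masks as posted, every entry covers all of 10.0.0.0/8, so a source in any 10.x.x.x subnet matches the permit lines, not only the VLAN 8 subnets.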
