Reflexive ACL on a switch interface

Unanswered Question
Nov 11th, 2009

Is there any reason a reflexive ACL will not work on a switch port? I see that most examples pertain to routers. We have a 4510 with a Sup 6. I have not tried it yet, but here is the config I came up with:

ip access-list extended internal_acl
 ! Applied outbound on g1/48: permit the traffic and record a reflected
 ! (mirror-image) entry in the named temporary list for each protocol.
 permit tcp any any reflect tcptraff
 permit udp any any reflect udptraff
 permit icmp any any reflect icmptraff
!
ip access-list extended external_acl
 ! Applied inbound on g1/48: permit only traffic that matches a live
 ! reflected entry, then drop everything else.
 evaluate tcptraff
 evaluate udptraff
 evaluate icmptraff
 deny ip any any
!
interface GigabitEthernet1/48
 ip access-group internal_acl out
 ip access-group external_acl in

Does this look like it will work? Being that the 4510 can't do NAT I need to "hide" what is connected to this particular switch interface. Suggestions?
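To make the reflect/evaluate mechanism in the posted config concrete, here is a small simulation of it. This is an added example, not code from the original post or from Cisco IOS: it models the two named lists (internal_acl applied out, external_acl applied in on g1/48) as a table of temporary, reversed entries and runs a constructed scenario through it. The assumptions are mine: the 300 second idle timeout is taken to be the IOS default for reflexive entries, a TCP RST is assumed to tear an entry down immediately, and ICMP entries are keyed on addresses only, which simplifies how IOS matches ICMP. The addresses and ports in the scenario are constructed sample data.

```python
"""Simulation of IOS reflexive-ACL semantics (permit ... reflect / evaluate).

Added example, not Cisco code and not the poster's config. Assumptions:
300 s idle timeout (assumed IOS default), RST removes a TCP entry at once,
ICMP entries are matched on addresses only (simplification).
"""
from dataclasses import dataclass, field
from typing import Dict, Tuple

DEFAULT_TIMEOUT = 300  # seconds; assumed IOS default idle timeout for reflexive entries


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # ignored for icmp in this model
    dport: int = 0      # ignored for icmp in this model
    flags: frozenset = field(default_factory=frozenset)  # e.g. {"SYN"}, {"RST"}


def _key(proto: str, a: str, a_port: int, b: str, b_port: int) -> Tuple:
    """Direction-sensitive match key; ICMP entries carry no port information (assumption)."""
    if proto == "icmp":
        return (proto, a, b)
    return (proto, a, a_port, b, b_port)


class ReflexiveList:
    """One named reflexive list (tcptraff, udptraff or icmptraff in the post)."""

    def __init__(self, timeout: float = DEFAULT_TIMEOUT):
        self.timeout = timeout
        self.entries: Dict[Tuple, float] = {}  # reversed key -> expiry time

    def reflect(self, pkt: Packet, now: float) -> None:
        # 'permit ... reflect NAME': store the mirror image of the packet so the
        # reply (dst->src, dport->sport) is permitted later by 'evaluate NAME'.
        key = _key(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        self.entries[key] = now + self.timeout

    def evaluate(self, pkt: Packet, now: float) -> bool:
        # 'evaluate NAME': permit only if a live reversed entry matches this packet.
        key = _key(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        expiry = self.entries.get(key)
        if expiry is None:
            return False
        if now > expiry:            # idle timeout elapsed: entry has aged out
            del self.entries[key]
            return False
        if "RST" in pkt.flags:      # assumed: a reset tears the session entry down
            del self.entries[key]
            return True
        self.entries[key] = now + self.timeout  # matching traffic refreshes the timer
        return True


class Interface:
    """Models g1/48 with internal_acl applied 'out' and external_acl applied 'in'."""

    def __init__(self, timeout: float = DEFAULT_TIMEOUT):
        self.lists = {p: ReflexiveList(timeout) for p in ("tcp", "udp", "icmp")}

    def outbound(self, pkt: Packet, now: float) -> bool:
        # internal_acl: permit tcp/udp/icmp any any reflect <list>; implicit deny otherwise
        rl = self.lists.get(pkt.proto)
        if rl is None:
            return False
        rl.reflect(pkt, now)
        return True

    def inbound(self, pkt: Packet, now: float) -> bool:
        # external_acl: evaluate tcptraff, udptraff, icmptraff, then deny ip any any
        return any(rl.evaluate(pkt, now) for rl in self.lists.values())


def demo() -> Dict[str, bool]:
    """Constructed scenario: inside host 10.1.1.10, outside web server and a scanner."""
    g148 = Interface()
    inside, web, scanner = "10.1.1.10", "198.51.100.5", "203.0.113.7"
    r: Dict[str, bool] = {}
    # 1. Inside host opens a TCP session outward; the SYN/ACK coming back is permitted.
    r["syn_out"] = g148.outbound(Packet("tcp", inside, web, 40000, 80, frozenset({"SYN"})), now=0)
    r["synack_in"] = g148.inbound(Packet("tcp", web, inside, 80, 40000, frozenset({"SYN", "ACK"})), now=1)
    # 2. Unsolicited inbound connection attempt: no reflected entry, so it hits 'deny ip any any'.
    r["scan_in"] = g148.inbound(Packet("tcp", scanner, inside, 55555, 22, frozenset({"SYN"})), now=2)
    # 3. Even the web server cannot open a new session to a different inside port.
    r["web_new_in"] = g148.inbound(Packet("tcp", web, inside, 80, 40001), now=3)
    # 4. ICMP echo outward permits the echo reply back (address-only match in this model).
    r["ping_out"] = g148.outbound(Packet("icmp", inside, web, 8, 0), now=4)
    r["ping_reply_in"] = g148.inbound(Packet("icmp", web, inside, 0, 0), now=5)
    # 5. The reversed TCP entry ages out once the idle timeout has elapsed.
    r["late_in"] = g148.inbound(Packet("tcp", web, inside, 80, 40000), now=1 + DEFAULT_TIMEOUT + 1)
    return r


if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name:14s} {'permit' if permitted else 'deny'}")
```

The scenario shows what the posted config buys and what it does not: hosts behind the evaluated side can only be reached by return traffic for sessions they initiated, which is the "hiding" effect without NAT, but their addresses are still visible in every packet they send, and the reflected entries live only as long as the idle timer.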



