Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18499
Views
0
Helpful
4
Replies

Apply extended access-list to vlan interface on a 6509

kope
Level 1
Level 1

‎04-01-2010 01:02 PM - edited ‎03-06-2019 10:25 AM

interface vlan 29

     ip access-group Inbound in

     ip access-group Outboud out

i have a simple extended acl applied to the vlan29 as above, but it did not work.

It seems the problem is---> the which is my inside network and which is my outside network. On a router, it is easily idenfied, since

they have physical interfaces, in general. Can i apply the above access-list on a Cat 6509 just like the router do?

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎04-01-2010 01:07 PM 

kope@northropgrumman.com
interface vlan 29
     ip access-group Inbound in
     ip access-group Outboud out
i have a simple extended acl applied to the vlan29 as above, but it did not work.
It seems the problem is---> the which is my inside network and which is my outside network. On a router, it is easily idenfied, since
they have physical interfaces, in general. Can i apply the above access-list on a Cat 6509 just like the router do?

An acl applied inbound on a vlan interface filters traffic coming FROM hosts on that vlan.

An acl applied outbound on a vlan interface filters traffic going to hosts on that vlan.

Jon

Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

0 Helpful

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎04-02-2010 06:26 AM 

interface vlan 29
     ip access-group Inbound in
     ip access-group Outboud out
i have a simple extended acl applied to the vlan29 as above, but it did not work.
It seems the problem is---> the which is my inside network and which is my outside network. On a router, it is easily idenfied, since
they have physical interfaces, in general. Can i apply the above access-list on a Cat 6509 just like the router do?
Hi,
To apply the ACL in SVI or in Physical port you should have understanding of traffic flow in order to deploy the direction of the acl in interface.
As Jon suggested the direction of ACL,check out the below link on ACL understandings also.
http://www.ciscokits.com/pdf-new/All_about_access_control_lists.pdf
Hope to Help !!
Ganesh.H
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
                
                    
        

	
	

		
	

	


		
	
		

			

	 
	 
	
	

	

	

	
		

			

			
	

	

		


	

	
		

			
			

	

		

			

	
		
			

		


	

	
			

	
	
	 
	
	
	
				
		

			
				
					
					
				
			
		

	
			
	
	
	
	
	


		

	

	

	

	

	

	

	
			
					
				
		

	


	

		
	
	


		

	

		

			

	
		

			
		
			
			
		
		
	
		

	
	


		

	

		

			

	
		

			
		
			

	
			
					sciarrone
					
				
		


		
	
		

	
	

	
		

			
		
				
		
	

	

	
			
				
		
		
			
		
		
		Level 1
		
		
		
		
		
	
			
		

		
			
					
		

			Level 1
		

	
				
		
			
					

	
		In response to Ganesh Hariharan
	
	


				
		
	
		

	
	


		

			

	
		
			
		
			
					
		

			
    

	
		
		
		‎10-29-2013
	
		
		01:50 AM
	
	

	
	
	
	
	
	
	
	
	
	
	
	

		

	
				
		
	
	


		

	

		

			

	
		
			
					
		

	
		

			
				
					
					
						
Hi,
can I use reflexive ACL and apply it on a VLAN?
Thank you,
M

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
                
                    
        

	
	

		
	

	


		
	
		

			

	 
	 
	
	

	

	

	
		

			

			
	

	

		


	

	
		

			
			

	

		

			

	
		
			

		


	

	
			

	
	
	 
	
	
	
				
		

			
				
					
					
				
			
		

	
			
	
	
	
	
	


		

	

	

	

	

	

	

	
			
					
				
		

	


	

		
	
	


		

	

		

			

	
		

			
		
			
			
		
		
	
		

	
	


		

	

		

			

	
		

			
		
			

	
			
					Guido Arturo Catalano
					
				
		


		
	
		

	
	

	
		

			
		
				
		
	

	

	
			
				
		
		
			
		
		
		Level 1
		
		
		
		
		
	
			
		

		
			
					
		

			Level 1
		

	
				
		
			
					

	
		
	
	


				
		
	
		

	
	


		

			

	
		
			
		
			
					
		

			
    

	
		
		
		‎10-01-2014
	
		
		08:41 PM
	
	

	
	
	
	
	
	
	
	
	
	
	
	

		

	
				
		
	
	


		

	

		

			

	
		
			
					
		

	
		

			
				
					
					
						
On VLAN ACL, the "IN" ACL is aplied  before routing. So, "IN", at this point, refers to traffic going out of the VLAN.
 
IMAGE

					
				
			
			
				
			
			
				
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
			
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
					
			
		
				
		
	
	


		

	

		

			

	
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Helpful

					
				

			
			
		

	
		
    	
		

			
				
					
				
				
			
		

	
    
			

		

	

	

	

    

	

	


				
		
	
	


		

			

	
		
			
					
				
		
			
		
			
		
	
	


		

	

		

			

	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	



		

	

	

	




			
		
    
            

                

            

        

	
		

		
	

	

	



	
                

                
				
            
        
    

    
        


	
			
				

					
						

							
		

			

	
			
				
					
				
				
			
		


		

	
							

								
								
							

							

								

	
									
								


							

						

					
				

			
		
	


    
    
        
        
            
        
        
	
    

	

	

	

	

	



				
			
		
		
	
	


		

			

	
		

			
		
			
 
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:


 

		
	
		

	
	

	
		
				

        

	


		
			
 
 

		
			
		
			

		
			



  

    

      

        

          
Customers Also Viewed These Support Documents

        

        

          

            

              

                

                  
                

              

            

          

        

      

    

    

      
 

    

  




		
			
		
			    

		
					
Review Cisco Networking products for a $25 gift card