Solved: ACL(s) for Same VLAN Traffic

michaelyentsch · ‎08-27-2013

Hi, I'm using a Cisco 2960 and I'm trying to create an ACL to block communication to and from specific IPs. More specifically, I want to block communication to other hosts on the same VLAN. All other traffic should be able to get in/out. I've been testing by creating some extended and standard ACLs but I'm unable to have them affect the traffic inside the VLAN.

Do I need to be using VLAN access maps? If so, would someone be able to provide some syntax and/or explain how to implement them? I'm not too familiar with ACLs.

Thanks, in advance.

Kelvin Willacey · ‎08-27-2013

This should help:

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

View solution in original post

Kelvin Willacey · ‎08-27-2013

This should help:

http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

michaelyentsch · ‎08-28-2013

Ah, you the man. This blog did a great job at clarifying things for me. Not an information overload, but hit all the importants points.

Thanks!

michaelyentsch · ‎08-28-2013

Annnnnd not that anyone really cares, but I got this working on my test switch thanks to KWillacy's help. Then I found that the production switch for which I was running these tests doesn't support VACLs....

*womp womp wommmmmmpp*

Kelvin Willacey · ‎08-28-2013

Oh too bad, at least it worked