Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Apply ACL rule src/dst to specific subnet

I am trying to create access-list or access-group which matches following on Cisco 3750 switch.

SRC: 192.168.0.10, 192.168.0.11, 192.168.0.12

DST: not equal to 192.168.0.0/24

and

SRC: not equal to 192.168.0.0/24

DST: 192.168.0.10, 192.168.0.11, 192.168.0.12

Once ACL rules are created, I am looking to apply policy-map/class-map accordingly.  The purpose of this is to priortize and to apply rate limit on non-internal traffic (192.168.0.0/24 in this case).

Any suggestion/comments are greatly appreciated.

Thank you,

1 ACCEPTED SOLUTION

Accepted Solutions

Apply ACL rule src/dst to specific subnet

You could try something like the following:

ip access-list ext VLAN-SRC

deny ip host 192.168.0.10 192.168.0.0 0.0.0.255

deny ip host 192.168.0.11 192.168.0.0 0.0.0.255

deny ip host 192.168.0.12 192.168.0.0 0.0.0.255

permt ip any any

ip access-list ext VLAN-DST

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12

permit ip any any

HTH,

John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
2 REPLIES

Apply ACL rule src/dst to specific subnet

You could try something like the following:

ip access-list ext VLAN-SRC

deny ip host 192.168.0.10 192.168.0.0 0.0.0.255

deny ip host 192.168.0.11 192.168.0.0 0.0.0.255

deny ip host 192.168.0.12 192.168.0.0 0.0.0.255

permt ip any any

ip access-list ext VLAN-DST

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.10

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.11

deny ip 192.168.0.0 0.0.0.255 host 192.168.0.12

permit ip any any

HTH,

John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Apply ACL rule src/dst to specific subnet

Thank you very much John =)

176
Views
0
Helpful
2
Replies
CreatePlease to create content