Combining multipe ACL's

Mike Hulme · ‎07-29-2012

Hi,

I have a lot of VLAN's on the network and require the same set of ACL's for each VLAN with only a minor addition. Therefore, is there a way to create a default ACL and combine it with another ACL then add to the the interface. This will save a lot of thime and propogate ACL changes to all interfaces in the future.

ip access-list extended DefaultACLinbound

permit ip x.x.x.x m.m.m.m

ip access-list extended Building26ACLinbound

permit ip x.x.x.x m.m.m.m

DefaultACLinbound + Building26ACLinbound = B26ACLinbound

Interface vlan 260

ip access-group B26ACLinbound in

Thanks

Mike

nkarthikeyan · ‎07-29-2012

Hi Mike,

As far as i know you cannot do that in VACL/Routed interface ACL rather you can do that only for Qos using class-map and policy map.

Am not sure if this feature is available in latest versions also.

By

Karthik

Ton V Engelen · ‎07-30-2012

Hi

yes, as far as i know Karthik is right.

But what do your subnets look like? Can you combine the subnets so that you can get all statements into one acl instead of 2?

This is what i do overhere (as far as possible with my subnets) and that way i have one and the same acl on many interfaces.

Something like

Extended IP access list traffic-to-server-outside

10 permit tcp 10.1.64.0 0.0.63.255 any eq ftp-data (all subnets from 10.1.64.0 to 10.1.127.0)

20 permit tcp 10.1.144.0 0.0.7.255 any eq ftp-data (all subnets from 10.1.144.0 to 10.1.151.0)

etcetera

Mike Hulme · ‎07-31-2012

Hi,

Thanks for your help. shame there is no easy solution.

Mike