Combining multiple ACLs

Hi,

I have a lot of VLANs on the network and require the same set of ACLs for each VLAN with only a minor addition. Therefore, is there a way to create a default ACL, combine it with another ACL, and then add it to the interface? This will save a lot of time and propagate ACL changes to all interfaces in the future.

ip access-list extended DefaultACLinbound
      permit ip x.x.x.x m.m.m.m
      permit ip x.x.x.x m.m.m.m
      permit ip x.x.x.x m.m.m.m
      permit ip x.x.x.x m.m.m.m
      permit ip x.x.x.x m.m.m.m

ip access-list extended Building26ACLinbound
      permit ip x.x.x.x m.m.m.m
      permit ip x.x.x.x m.m.m.m

DefaultACLinbound + Building26ACLinbound = B26ACLinbound

Interface vlan 260
      ip access-group B26ACLinbound in

Thanks

Mike


Combining multiple ACLs

Hi Mike,

As far as I know, you cannot do that in a VACL/routed interface ACL; rather, you can do that only for QoS using class-map and policy map.

I am not sure if this feature is available in the latest versions also.

By

Karthik

Re: Combining multiple ACLs

Hi

Yes, as far as I know Karthik is right.

But what do your subnets look like? Can you combine the subnets so that you can get all statements into one ACL instead of 2?

This is what I do over here (as far as possible with my subnets) and that way I have one and the same ACL on many interfaces.

Something like

Extended IP access list traffic-to-server-outside
    10 permit tcp 10.1.64.0 0.0.63.255 any eq ftp-data  (all subnets from 10.1.64.0 to 10.1.127.0)
    20 permit tcp 10.1.144.0 0.0.7.255 any eq ftp-data  (all subnets from 10.1.144.0 to 10.1.151.0)

etcetera


Combining multiple ACLs

Hi,

Thanks for your help. Shame there is no easy solution.

Mike
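
Because the replies above say the device cannot build one interface ACL out of two others, the merge can be done offline and the rendered result pasted or pushed as config. The script below is an added example, not part of the original thread: only the names DefaultACLinbound, B26ACLinbound and VLAN 260 come from the question; the addresses are constructed documentation ranges and VLAN 270 / B27ACLinbound are hypothetical.

```python
# Added example: merge a shared ACL with per-VLAN additions offline.
# All addresses are constructed sample values (RFC 5737 documentation ranges).

DEFAULT_ACL = [  # shared entries, stands in for DefaultACLinbound
    "permit ip 192.0.2.0 0.0.0.255 any",
    "permit ip 198.51.100.0 0.0.0.255 any",
]

# Per-VLAN additions: vlan id -> (merged ACL name, extra entries)
VLAN_EXTRAS = {
    260: ("B26ACLinbound", [
        "permit ip 203.0.113.0 0.0.0.127 any",
        "permit ip 192.0.2.0  0.0.0.255 any",   # duplicate of a default entry
    ]),
    270: ("B27ACLinbound", ["permit ip 203.0.113.128 0.0.0.127 any"]),  # hypothetical
}

VALID_ACTIONS = ("permit", "deny", "remark")


def merge_entries(default, extras):
    """Default entries first, then extras, dropping exact duplicates.
    Order is preserved because ACLs are evaluated top-down, first match wins."""
    merged, seen = [], set()
    for entry in list(default) + list(extras):
        normalized = " ".join(entry.split())  # collapse stray whitespace
        if normalized.split(" ", 1)[0] not in VALID_ACTIONS:
            raise ValueError(f"not an ACL entry: {entry!r}")
        if normalized not in seen:
            seen.add(normalized)
            merged.append(normalized)
    return merged


def render_vlan(vlan_id, name, extras, default=DEFAULT_ACL):
    """Return the IOS config text for one VLAN interface's inbound ACL."""
    lines = [f"ip access-list extended {name}"]
    lines += [f" {e}" for e in merge_entries(default, extras)]
    lines += [f"interface Vlan{vlan_id}", f" ip access-group {name} in"]
    return "\n".join(lines)


def render_all():
    """Render every VLAN in VLAN_EXTRAS, separated by '!' lines."""
    return "\n!\n".join(
        render_vlan(v, n, x) for v, (n, x) in sorted(VLAN_EXTRAS.items()))


if __name__ == "__main__":
    print(render_all())
```

A change to DEFAULT_ACL then reaches every VLAN on the next render, and the generated text can be diffed against the running config before it is applied.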
