Configure a VACL to block incoming packets from other vlan

Hi all,

I have 2 VLANs. I tried to configure a VACL in order to block the incoming packets, but it is not working.

Your assistance, please.

Thanks

2 REPLIES


This is my configuration:

ip access-list extended ALL-SUBNETS
 permit ip any any
ip access-list extended ALLOWED-SUBNETS
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.19.0 0.0.0.255 any
vlan access-map TEST 10
 match ip address ALLOWED-SUBNETS
 action forward
vlan access-map TEST 15
 match ip address ALL-SUBNETS
 action drop
vlan filter TEST vlan-list 400

VACLs are used when you want to block traffic within the VLAN. You'll need to use regular ACLs on the L3 SVIs in order to block traffic between VLANs.

HTH,
John

*** Please rate all useful posts ***
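
The approach John describes, as an added example that is not part of the original thread: the allowed-source list from the posted configuration applied as a routed ACL on the VLAN 400 SVI. It assumes VLAN 400 is the VLAN being protected and that its SVI (interface Vlan400) is on this switch; the ACL name TO-VLAN400 is hypothetical.

```cisco
! Added example, not from the thread. Assumptions: VLAN 400 is the protected
! VLAN, its SVI is on this switch, and TO-VLAN400 is a made-up ACL name.
!
! Detach the VACL from the post so that only the routed ACL below filters.
no vlan filter TEST vlan-list 400
!
! Same allowed sources as ALLOWED-SUBNETS in the post. The trailing deny
! repeats the implicit deny that ends every ACL; it is written out only to
! make the intent explicit.
ip access-list extended TO-VLAN400
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.19.0 0.0.0.255 any
 deny   ip any any
!
! "out" on an SVI matches packets the switch has routed and is about to send
! into VLAN 400, i.e. traffic arriving from other VLANs. Traffic bridged
! between hosts inside VLAN 400 never passes through the SVI and is not
! filtered by this ACL.
interface Vlan400
 ip access-group TO-VLAN400 out
!
! Verification (exec mode):
!   show ip access-lists TO-VLAN400
!   show ip interface Vlan400
!   show vlan filter
```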
