I'm trying to figure out the best method to use for blocking all access on VLAN 7 from VLAN 3. I know the best rule of thumb for extended ACLs is to put it as close to the destination as possible, so that makes me think it should be configured on VLAN 3, but right now I have this ACL configured inbound on VLAN 7:
access-list 107 remark This ACL prohibits the 7 VLAN to only access specific servers
Thanks for the reply Alain. When you say, "2) traffic entering vlan 3 can't have 10.7.0.0 as a subnet, it must be 10.3.0.0 so none of your ACEs will match except the last one (permit ip any any) meaning you won't filter anything."
I thought this ACL would be read as: anything from the source 10.7.0.0 trying to go to 10.3.0.0 would be filtered or denied, but the last statement of permit ip any any would let any other source with a 10 address into the 10.3 network?
In my first post I intended to apply ACL 103 to the inbound direction of VLAN 3, whereas the other ACL 107 I intended to apply to the inbound of VLAN 7. Which ACL statements, and where they should be applied, do you think is correct?
Traffic from the vlan 3 subnet going to the vlan 7 subnet will enter the interface vlan 3, so if you want to deny traffic from all but some machines in vlan 3 towards the whole vlan 7 subnet, you should configure an ACL inbound on the vlan 3 interface permitting traffic from the vlan 3 hosts towards vlan 7, and then the implicit deny at the end will filter vlan 3 traffic towards all other vlans.
Just tell us also if vlan 7 can talk with vlan 3 as well as which host in vlan 3 can communicate with which host in vlan 7, and if you've got other vlans or any routed IP you want vlan 3 to communicate with (like for example a default gateway).
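A small model of what an inbound ACL on interface vlan 3 actually gets to see, added here as an example that is not from the thread or from Cisco: the posts show only the remark line, so the ACEs, the /16 subnets and the host 10.3.0.10 are assumptions. It shows why the deny with a 10.7.0.0 source never matches inbound on vlan 3, and how the permit-then-implicit-deny form Alain describes filters the rest.

```python
import ipaddress

# Constructed subnets (assumed /16 for both VLANs; the thread gives no masks).
VLAN3 = ipaddress.ip_network("10.3.0.0/16")
VLAN7 = ipaddress.ip_network("10.7.0.0/16")
ANY = ("0.0.0.0", "255.255.255.255")

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: a set bit in the wildcard means 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    w = int(ipaddress.ip_address(wildcard))
    return (a & ~w) == (b & ~w)

def evaluate(acl, src, dst):
    """Walk the ACEs top-down; return (action, index). index None = implicit deny."""
    for i, (action, s_base, s_wc, d_base, d_wc) in enumerate(acl):
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action, i
    return "deny", None  # the implicit deny that ends every Cisco ACL

# ACL 103 as the OP described it (assumed ACEs): deny 10.7/16 -> 10.3/16, then permit any.
ACL_103_AS_POSTED = [
    ("deny", "10.7.0.0", "0.0.255.255", "10.3.0.0", "0.0.255.255"),
    ("permit", *ANY, *ANY),
]
# Alain's form for the vlan 3 inbound ACL: permit only the chosen vlan 3 host(s)
# towards vlan 7 and let the implicit deny drop everything else. Host is assumed.
ACL_103_INBOUND_VLAN3 = [
    ("permit", "10.3.0.10", "0.0.0.0", "10.7.0.0", "0.0.255.255"),
]

def inbound_on_vlan3(acl, packets):
    """Apply acl the way 'ip access-group 103 in' on interface vlan 3 would:
    only packets sourced inside the vlan 3 subnet ever enter that interface."""
    results = {}
    for src, dst in packets:
        if ipaddress.ip_address(src) not in VLAN3:
            results[(src, dst)] = "not seen inbound on vlan 3"
        else:
            results[(src, dst)] = evaluate(acl, src, dst)[0]
    return results

# Constructed sample flows: an allowed host, another vlan 3 host, and a reply from vlan 7.
SAMPLE = [("10.3.0.10", "10.7.0.5"), ("10.3.0.99", "10.7.0.5"), ("10.7.0.5", "10.3.0.10")]

if __name__ == "__main__":
    print(inbound_on_vlan3(ACL_103_AS_POSTED, SAMPLE))       # every vlan 3 flow permitted
    print(inbound_on_vlan3(ACL_103_INBOUND_VLAN3, SAMPLE))   # only 10.3.0.10 permitted
```

Return traffic from vlan 7 is never evaluated by this ACL at all; it would be handled by whatever is applied inbound on interface vlan 7.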