07-10-2012 08:12 PM - edited 03-07-2019 07:42 AM
Hi Guys,
I want to restrict all hosts within a VLAN from accessing each other and I thought I'd set up a VACL. Can someone please view my config below and see if it's OK:
ip access-list extended no-contact-forrestplace
permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255
ip access-list standard any-host
permit any
vlan access-map no-contact-forrestplace 10
match ip address no-contact-forrestplace
action drop
exit
vlan access-map no-contact-forrestplace 20
match ip address any-host
action forward
exit
vlan filter no-contact-forrestplace vlan-list 21
Thanks,
Ross.
07-11-2012 02:00 AM
Hello Ross,
Try the below config and apply this to vlan 21
ip access-list extended no-contact-forrestplace
permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255
vlan access-map no-contact-forrestplace 10
match ip address no-contact-forrestplace
action drop
vlan access-map no-contact-forrestplace 20
action forward
vlan filter no-contact-forrestplace vlan-list 21
Hope to Help !!
Ganesh
07-11-2012 02:51 AM
You might want to allow hosts to communicate with the default gateway in the same subnet.
HTH
Shijo George
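As an added example (not part of any post in this thread), the following Python model evaluates the posted access-map clause by clause against a few constructed packets, showing what sequence 10 does to traffic addressed to the gateway and how an earlier forward clause changes it. The gateway address 172.16.32.1, the extra gateway ACL and its sequence number 5 are assumptions; only IP address matching is modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src, dst):
    """True if any 'permit ip' entry (src, src_wc, dst, dst_wc) matches."""
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in acl)

def vacl_action(access_map, src, dst):
    """Walk clauses in sequence order; the first clause that matches decides."""
    for _seq, acl, action in sorted(access_map, key=lambda c: c[0]):
        if acl is None or acl_permits(acl, src, dst):  # None: no match statement
            return action
    return "drop"  # implicit drop when no clause matches

SUBNET = ("172.16.32.0", "0.0.0.255")
GATEWAY = ("172.16.32.1", "0.0.0.0")  # assumed gateway address, not from the thread

NO_CONTACT = [SUBNET + SUBNET]                      # ACL no-contact-forrestplace
GATEWAY_ACL = [SUBNET + GATEWAY, GATEWAY + SUBNET]  # hypothetical extra ACL

POSTED_MAP = [(10, NO_CONTACT, "drop"), (20, None, "forward")]
GATEWAY_MAP = [(5, GATEWAY_ACL, "forward")] + POSTED_MAP  # hypothetical sequence 5

# Constructed sample packets: (source, destination)
PACKETS = {
    "host to host": ("172.16.32.10", "172.16.32.20"),
    "host to gateway": ("172.16.32.10", "172.16.32.1"),
    "gateway to host": ("172.16.32.1", "172.16.32.10"),
    "host to other subnet": ("172.16.32.10", "10.0.0.5"),
}

def evaluate(access_map):
    """Return the action each sample packet receives under the given map."""
    return {name: vacl_action(access_map, s, d) for name, (s, d) in PACKETS.items()}

if __name__ == "__main__":
    for label, amap in (("posted", POSTED_MAP), ("with gateway clause", GATEWAY_MAP)):
        print(label, evaluate(amap))
```

Routed traffic keeps the remote host's IP as its destination, so it never matches the subnet-to-subnet entry; only packets addressed to the gateway's own IP are affected by sequence 10.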