Cisco Support Community
VACLS

Hi Guys,

I want to restrict all hosts within a VLAN from accessing each other, and I thought I'd set up VACLs. Can someone please view my config below and see if it's OK:

ip access-list extended no-contact-forrestplace
 permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255
ip access-list standard any-host
 permit any
vlan access-map no-contact-forrestplace 10
 match ip address no-contact-forrestplace
 action drop
 exit
vlan access-map no-contact-forrestplace 20
 match ip address any-host
 action forward
 exit
vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.


VACLS

ross_rulz wrote:

Hi Guys,

I want to restrict all hosts within a VLAN from accessing each other, and I thought I'd set up VACLs. Can someone please view my config below and see if it's OK:

ip access-list extended no-contact-forrestplace
 permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255
ip access-list standard any-host
 permit any
vlan access-map no-contact-forrestplace 10
 match ip address no-contact-forrestplace
 action drop
 exit
vlan access-map no-contact-forrestplace 20
 match ip address any-host
 action forward
 exit
vlan filter no-contact-forrestplace vlan-list 21

Thanks,

Ross.

Hello Ross,

Try the config below and apply it to VLAN 21:

ip access-list extended no-contact-forrestplace
 permit ip 172.16.32.0 0.0.0.255 172.16.32.0 0.0.0.255
vlan access-map no-contact-forrestplace 10
 match ip address no-contact-forrestplace
 action drop
vlan access-map no-contact-forrestplace 20
 action forward
vlan filter no-contact-forrestplace vlan-list 21

Hope to Help !!

Ganesh

VACLS

You might want to allow hosts to communicate with the default gateway in the same subnet.

HTH

Shijo George
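
As an added illustration of the default gateway point above (not code from any of the posters): a simplified Python model of how the access map in this thread evaluates traffic, with and without an earlier sequence that forwards gateway traffic. The gateway address 172.16.32.1, sequence number 5 and the sample flows are assumptions; only source and destination IP matching is modelled.

```python
# Simplified model of VACL evaluation: sequences are checked in order and the
# first one whose ACL matches decides the action. Only source/destination IP
# is modelled. GATEWAY is an assumed address; the thread does not give one.
from ipaddress import ip_address, ip_network

SUBNET = ip_network("172.16.32.0/24")    # from the posted ACL
GATEWAY = ip_network("172.16.32.1/32")   # assumption, not from the thread
ANY = ip_network("0.0.0.0/0")

# Access map as posted: (sequence, [(src, dst) permit entries], action)
POSTED_MAP = [
    (10, [(SUBNET, SUBNET)], "drop"),
    (20, [(ANY, ANY)], "forward"),
]

# Same map with a lower-numbered sequence that forwards gateway traffic first.
GATEWAY_MAP = [
    (5, [(GATEWAY, SUBNET), (SUBNET, GATEWAY)], "forward"),
] + POSTED_MAP


def evaluate(access_map, src, dst):
    """Return the action of the first sequence matching the src/dst pair."""
    s, d = ip_address(src), ip_address(dst)
    for _seq, entries, action in sorted(access_map, key=lambda e: e[0]):
        if any(s in src_net and d in dst_net for src_net, dst_net in entries):
            return action
    return "drop"  # an IP packet matching no sequence is dropped


# Constructed sample flows on VLAN 21.
FLOWS = [
    ("172.16.32.10", "172.16.32.20"),  # host to host
    ("172.16.32.10", "172.16.32.1"),   # host to assumed gateway
    ("172.16.32.1", "172.16.32.10"),   # assumed gateway to host
    ("172.16.32.10", "10.0.0.5"),      # host to another subnet
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(f"{src:>13} -> {dst:<13} posted={evaluate(POSTED_MAP, src, dst):<8}"
              f"with-gateway-seq={evaluate(GATEWAY_MAP, src, dst)}")
```

In this model, traffic routed to other subnets is still forwarded by the posted map because its destination IP is outside 172.16.32.0/24; only packets addressed to or from the gateway's own IP are dropped until the earlier sequence is added.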
