Cisco Support Community

New Member

Vlan access-list

Can I have one vlan access list and filter it across multiple VLANs? Like so:

ip access-list extended VLAN_BLOCK_SNMP

.................
permit udp 172.23.22.0 0.0.0.255 192.168.55.0 0.0.0.255 eq snmp
permit udp 172.23.23.0 0.0.0.255 192.168.55.0 0.0.0.255 eq snmp
permit udp 172.23.27.0 0.0.0.255 192.168.55.0 0.0.0.255 eq snmp
permit udp 172.23.28.0 0.0.0.255 192.168.55.0 0.0.0.255 eq snmp
permit udp 172.23.22.0 0.0.0.255 10.30.3.0 0.0.0.255 eq snmp
permit udp 172.23.23.0 0.0.0.255 10.30.3.0 0.0.0.255 eq snmp
permit udp 172.23.27.0 0.0.0.255 10.30.3.0 0.0.0.255 eq snmp
permit udp 172.23.28.0 0.0.0.255 10.30.3.0 0.0.0.255 eq snmp
permit udp 172.23.22.0 0.0.0.255 host 172.23.16.5 eq snmp
permit udp 172.23.22.0 0.0.0.255 host 172.23.18.21 eq snmp
permit udp 172.23.22.0 0.0.0.255 host 172.23.18.1 eq snmp
.................

vlan access-map BLOCK_SNMP 10
action drop
match ip address VLAN_BLOCK_SNMP
vlan access-map BLOCK_SNMP 20
action forward
!
vlan filter BLOCK_SNMP vlan-list 9,22-23

1 REPLY
Hall of Fame Super Silver

Re: Vlan access-list

Hello Dpatten28,

It is possible to apply an ACL to a list of VLANs; however, you need to take care of some differences in the logic of the VACL. You may see the traffic permitted by the second clause, so test it to verify that it works as intended.

Hope to help

Giuseppe
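
Added example, not part of the original thread and not Cisco code: a Python model of how the access map posted in the question evaluates a packet, showing which SNMP flows hit sequence 10 (drop) and which fall through to sequence 20 (forward). It assumes only the ACL lines visible in the post (the elided lines are omitted), that `eq snmp` means UDP port 161, and that a packet matching no clause is dropped; the packet dictionaries and function names are constructed for the illustration.

```python
import ipaddress

SNMP = 161  # UDP port behind the IOS keyword "snmp"

def build_acl():
    """Visible entries of VLAN_BLOCK_SNMP from the question (elided lines omitted)."""
    acl = [(f"172.23.{s}.0/24", d)
           for d in ("192.168.55.0/24", "10.30.3.0/24")
           for s in (22, 23, 27, 28)]
    acl += [("172.23.22.0/24", h + "/32")
            for h in ("172.23.16.5", "172.23.18.21", "172.23.18.1")]
    return [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in acl]

def parse_vlan_list(text):
    """Expand a vlan-list such as '9,22-23' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def acl_permits(acl, pkt):
    """True when a 'permit udp src dst eq snmp' entry matches the packet."""
    if pkt["proto"] != "udp" or pkt["dport"] != SNMP:
        return False
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    return any(src in s and dst in d for s, d in acl)

# Access map BLOCK_SNMP from the question: (sequence, has match clause, action).
ACCESS_MAP = [(10, True, "drop"), (20, False, "forward")]
FILTERED_VLANS = parse_vlan_list("9,22-23")

def vacl_verdict(pkt, acl=None):
    """Return (action, sequence) for a packet seen in pkt['vlan']."""
    acl = acl or build_acl()
    if pkt["vlan"] not in FILTERED_VLANS:
        return ("forward", None)      # the map is not applied to this VLAN
    for seq, has_match, action in sorted(ACCESS_MAP):
        # In a VACL an ACL "permit" means "this clause matches"; the clause's
        # action decides the packet's fate. A clause with no match takes all.
        if not has_match or acl_permits(acl, pkt):
            return (action, seq)
    return ("drop", None)             # assumption: implicit drop when nothing matches
```

Running the same packets through the real switch (for example with counters on the ACL) is the test the reply recommends; the model only shows what the posted configuration should do.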
