Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
496
Views
0
Helpful
0
Replies

Reflexive ACL on a switch interface

poirot1967
Level 1
Level 1

‎11-11-2009 02:16 PM

Is there any reason a reflexive ACl will not work on a switch port? I see that most examples pertain to routers. We have a 4510 with a Sup 6. I have not tried it yet, but here is the config I came up with :

ip access-list extended internal_acl

permit tcp any any reflect tcptraff

permit udp any any reflect udptraff

permit icmp any any reflect icmptraff

ip access-list extended external_acl

evaluate tcptraff

evaluate udptraff

evaluate icmptraff

deny ip any any

int g1/48

ip access-group internal_acl out

ip access-group external_acl in

Does this look like it will work? Being that the 4510 can't do NAT I need to "hide" what is connected to this particular switch interface. Suggestions?

Poirot

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents