Cisco Support Community
Community Member

vlan and vacl question

Needing to segment off my NT workstations from the network to keep viruses at bay. I need traffic from NT4 wks to pass to network resources but need to keep out the bad stuff.

Unsure as to what VACL to use to permit / deny. Thx for any info.

Community Member

Re: vlan and vacl question

We do something similar here. We first put all like devices into a special VLAN. Once the devices are segmented, we then apply ACLs to our Layer 3 6509 to restrict traffic. We get very restrictive and allow ONLY the traffic necessary to conduct business when writing the ACLs.

What devices (layer 2 and 3) are you working with?

Community Member

Re: vlan and vacl question

Thanks for your reply

6509s for L3

2950s, 3550s, 3560s for L2.

VTP domain is set up - VLANs are seen across LAN

Permit: all traffic to network servers, www, wan remote sites (established only)

- PC authen to domain

- DNS, WINS, DHCP, remote management of PCs on this VLAN

Deny: other VLANs & PCs which do not need explicit access to these machines

(these are NT4 WKS which we're trying to keep viruses from attacking - no patches available)

Can you share sanitized config which shows "business only" ACLs which allows access?
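
The approach described in the thread (dedicated VLAN, restrictive ACLs on the Layer 3 switch), sketched as an added example that is not from any poster's configuration. VLAN 50, the NT4 subnet 10.50.0.0/24, the server subnet 10.10.0.0/24 and the ACL names are constructed placeholders, and the policy covers only the server, web and DHCP items from the list above.

```cisco
! Constructed example: VLAN 50 = NT4 workstations (10.50.0.0/24),
! servers (domain controllers, DNS, WINS, DHCP, management) in 10.10.0.0/24.

! Traffic leaving the NT4 VLAN (applied inbound on the SVI)
ip access-list extended FROM-NT4
 remark DHCP discover/request is sent before the client has an address
 permit udp any eq bootpc any eq bootps
 remark all traffic to the server subnet: domain auth, DNS, WINS
 permit ip 10.50.0.0 0.0.0.255 10.10.0.0 0.0.0.255
 remark no new sessions from NT4 hosts to any other internal VLAN
 deny ip 10.50.0.0 0.0.0.255 10.0.0.0 0.255.255.255
 remark web access
 permit tcp 10.50.0.0 0.0.0.255 any eq www
 permit tcp 10.50.0.0 0.0.0.255 any eq 443
 deny ip any any log

! Traffic entering the NT4 VLAN (applied outbound on the SVI)
ip access-list extended TO-NT4
 remark servers and management stations may reach the workstations
 permit ip 10.10.0.0 0.0.0.255 10.50.0.0 0.0.0.255
 remark replies to sessions the workstations opened (ACK or RST set)
 permit tcp any 10.50.0.0 0.0.0.255 established
 remark everything else, including other VLANs, is dropped and logged
 deny ip any any log

interface Vlan50
 description NT4 workstations (unpatched)
 ip address 10.50.0.1 255.255.255.0
 ip access-group FROM-NT4 in
 ip access-group TO-NT4 out
```

ACLs on the SVI filter only routed traffic, so workstations inside VLAN 50 can still reach each other at Layer 2. The `established` keyword is a stateless check of the TCP ACK and RST flags, not connection tracking.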

