Cisco Support Community

ACL to control traffic

I have several remote offices and all offices use the same VLANs 1,2,3,4,5,6,etc... I was able to create an access-list which will only allow VLAN 1 in one remote office to communicate with VLAN 1 in the other remote offices. The problem I have is when traffic tries to route to the Internet. Normally I would just add an ANY statement for this. But if I do that then all the traffic will be permitted. The other way would be to individually deny traffic to the VLANs. But this would require a lot of statements and might be difficult to manage. I think there is an easier way to do this. Does anyone have any suggestions? Thanks.

2 REPLIES

Re: ACL to control traffic

If I understand your question correctly, you need to block your traffic at the closest point possible by adding ACLs to each of your branches. If they are contiguous blocks (VLAN 1, 2, and 3 - IP 192.168.1.0, 2.0, 3.0 respectively), you may want to look into creating an ACL that summarizes the networks that you want to block. Put that at the top of your list, and then permit your local traffic out to everything else.

--John

HTH, John *** Please rate all useful posts ***

Re: ACL to control traffic

Oh, and if they can't be easily summarized, you will be limited to creating an entry for each subnet you want to block.

--John

HTH, John *** Please rate all useful posts ***
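The approach from the replies above, as an added example that is not part of the original thread: a small Python generator that summarizes the subnets to block and emits a first-match extended ACL (permit the same-VLAN peer, deny the summarized internal ranges, then permit everything else so Internet traffic passes). The ACL name, the peer subnet 192.168.101.0/24 and the VLAN 2-6 addressing are constructed assumptions that extend the 192.168.x.0 pattern mentioned in the reply.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the thread).
LOCAL = "192.168.1.0/24"        # VLAN 1 at this office
PEERS = ["192.168.101.0/24"]    # VLAN 1 at another office (hypothetical)
BLOCKED = [f"192.168.{n}.0/24" for n in range(2, 7)]  # VLANs 2-6


def ace(action, src, dst=None):
    """Format one extended-ACL entry using IOS wildcard (inverse) masks."""
    s = f"{src.network_address} {src.hostmask}"
    d = "any" if dst is None else f"{dst.network_address} {dst.hostmask}"
    return f" {action} ip {s} {d}"


def build_acl(name, local, peers, blocked):
    """Return the ACL as a list of config lines, ordered for first-match."""
    local = ipaddress.ip_network(local)
    peers = [ipaddress.ip_network(p) for p in peers]
    # collapse_addresses merges only prefixes that combine exactly, so a
    # summary never covers a subnet that was not in the blocked list.
    summaries = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(b) for b in blocked))
    lines = [f"ip access-list extended {name}"]
    lines += [ace("permit", local, p) for p in peers]      # allowed peers first
    lines += [ace("deny", local, s) for s in summaries]    # then internal denies
    lines.append(ace("permit", local))                     # everything else
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl("VLAN1-OUT", LOCAL, PEERS, BLOCKED)))
```

Five blocked /24s collapse to three deny entries here; subnets that do not align on a prefix boundary stay as one entry each, which is the case the second reply describes.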