How to apply VACL inbound and outbound

Hi,

I would like to know if I can configure VACL to match inbound and outbound traffic at the same time. And where can I see examples.

Thanks           

3 REPLIES

Re: How to apply VACL inbound and outbound

Hello

VACLs - (specific within a VLAN; also, if there is no action or match statement, the default is to forward)

Example 1 - Only allow ping within this VLAN, drop everything else

ip access-list extended ICMP
 permit icmp any any
vlan access-map Pings 10
 match ip address ICMP
 action forward
vlan filter Pings vlan-list xx (all)

Example 2 - Deny communication between two hosts in VLAN 30, allow everything else for VLAN 30

access-list 101 permit ip host 33.0.0.3 host 33.0.0.33
access-list 101 permit ip host 33.0.0.33 host 33.0.0.3
vlan access-map host2host 10
 match ip address 101
 action drop
vlan access-map host2host 99
vlan filter host2host vlan-list 30

SVI ACLS

int vlan 10

ip access-group 10 IN (IN >OUT)

(acls applied INbound on vlan 10 = going from a host in vlan 10)

int vlan 10

ip access-group 10 OUT  ( IN < OUT)

(acls applied OUTbound on vlan 10 = going to a host in vlan 10)

Example: denying 192.168.3.0 to access vlan 10 but allow vlan 10 to access vlan 11

vlan 10 = 192.168.2.0/24
vlan 11 = 192.168.3.0/24

ip access-list extended TST
 permit tcp 192.168.3.0 0.0.0.255 any established
 deny tcp 192.168.3.0 0.0.0.255 any
 permit ip any any
int vlan 10
 ip access-group TST out

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.
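
Added example, not part of the reply above or of any Cisco tooling: a small Python model of how the two access maps from Example 1 and Example 2 are evaluated. It assumes the usual VLAN-map behaviour (clauses tried in ascending sequence order, a clause with no match statement matches everything, a packet that matches no clause is dropped); the function names and data layout are hypothetical. The verdict function takes no in/out argument because a VLAN map, unlike `ip access-group` on an SVI, has no direction.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the ACLs in the reply above.
# Each ACL is a list of permit entries: (protocol, source network, destination network).
# Protocol "ip" stands for any IP protocol, as in IOS.
ACLS = {
    "ICMP": [("icmp", "0.0.0.0/0", "0.0.0.0/0")],
    "101": [("ip", "33.0.0.3/32", "33.0.0.33/32"),
            ("ip", "33.0.0.33/32", "33.0.0.3/32")],
}

# Each access map is a list of clauses: (sequence, ACL name or None, action).
# None means the clause has no match statement.
ACCESS_MAPS = {
    "Pings": [(10, "ICMP", "forward")],
    "host2host": [(10, "101", "drop"), (99, None, "forward")],
}


def acl_permits(acl_name, proto, src, dst):
    """Return True if any permit entry of the ACL matches the packet."""
    for a_proto, a_src, a_dst in ACLS[acl_name]:
        if (a_proto in ("ip", proto)
                and ip_address(src) in ip_network(a_src)
                and ip_address(dst) in ip_network(a_dst)):
            return True
    return False


def vacl_verdict(map_name, proto, src, dst):
    """Return 'forward' or 'drop' for one packet seen in the filtered VLAN."""
    for _seq, acl_name, action in sorted(ACCESS_MAPS[map_name], key=lambda c: c[0]):
        # A clause without a match statement matches every packet.
        if acl_name is None or acl_permits(acl_name, proto, src, dst):
            return action
    return "drop"  # assumed implicit drop when no clause matches


if __name__ == "__main__":
    for pkt in [("host2host", "tcp", "33.0.0.3", "33.0.0.33"),
                ("host2host", "tcp", "33.0.0.33", "33.0.0.3"),
                ("host2host", "tcp", "33.0.0.3", "33.0.0.4"),
                ("Pings", "icmp", "10.0.0.1", "10.0.0.2"),
                ("Pings", "tcp", "10.0.0.1", "10.0.0.2")]:
        print(pkt, "->", vacl_verdict(*pkt))
```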


How to apply VACL inbound and outbound

Thank you so much Pdriver. I have configured the VACL and it works if the packet is outbound. My doubt is whether I can use the VACL for incoming traffic, or should I just use an ACL with access-group on the SVIs?

Thank you again.

Re: How to apply VACL inbound and outbound

Hello
VACLs are only used WITHIN a VLAN, so if you wish to filter between a specific VLAN then VACLs would be applicable.

Otherwise, if your request is between different VLANs, you could use router-based ACLs (RACLs) as shown in the previous post, or private VLANs.

Res
Paul