Need help with a VACL

I have 6 locations connected by WAN links. At each location I have a like VLAN - VLAN 8. I want these VLANs to talk only to each other.

Following is what I came up with - I'm new at this VACL thing so ...

Router(config)# Extended IP access list WM_8

permit ip 10.33.8.0 0.255.255.255 any

permit ip 10.34.8.0 0.255.255.255 any

permit ip 10.38.8.0 0.255.255.255 any

permit ip 10.50.8.0 0.255.255.255 any

permit ip 10.63.8.0 0.255.255.255 any

permit ip 10.32.8.0 0.255.255.255 any

Router(config)# vlan access-map Kiosk WM_8

Router(config-access-map)# match ip address WM_8

Router(config-access-map)# action forward

Router(config-access-map)# exit

Router(config)# vlan filter kiosk vlan-list 8

My question is: is this what is needed at each location? I assume that at each location I would leave out its corresponding VLAN IP. But other than that, is this right?

Any help much appreciated.

Does this make sense.

1 REPLY
Re: Need help with a VACL

Stuart

"Does this make sense."

Not really no :-)

Are you trying to restrict traffic within a VLAN or between VLANs? If between VLANs, which from your description it sounds like you are trying to do, then you don't use VACLs, as these are generally used to restrict traffic within the same VLAN.

You need to use standard RACLs (router ACLs).

So at each site you have a VLAN 8. You only want VLAN 8 at each site to be able to communicate with other VLAN 8s at the other sites and nowhere else. Is this correct?

If so, can you specify what devices you are using to route the VLANs at each site - is it an L3 switch?

Jon
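
An added example, not part of the original thread: a small first-match ACL evaluator that compares the entries as posted in the question with a per-site router ACL of the kind the reply points to. It assumes VLAN 8 is a /24 at every site and that the RACL is applied inbound on the VLAN 8 routed interface; the host addresses and function names are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    # Cisco wildcard mask: 1 bits are "don't care", 0 bits must match.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    """First-match evaluation; falls through to the implicit deny."""
    for action, sbase, swc, dbase, dwc in acl:
        if wc_match(src, sbase, swc) and wc_match(dst, dbase, dwc):
            return action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")  # the 'any' keyword
SITES = ["10.33.8.0", "10.34.8.0", "10.38.8.0",
         "10.50.8.0", "10.63.8.0", "10.32.8.0"]  # subnets from the post

# Entries as posted: permit ip <site> 0.255.255.255 any
posted = [("permit", s, "0.255.255.255", *ANY) for s in SITES]

def site_racl(local):
    # Assumption: /24 per site, so the wildcard is 0.0.0.255.
    # Source is the local VLAN 8, destination is each remote VLAN 8.
    return [("permit", local, "0.0.0.255", s, "0.0.0.255")
            for s in SITES if s != local]

if __name__ == "__main__":
    racl = site_racl("10.33.8.0")
    samples = [  # constructed source/destination pairs
        ("10.33.8.20", "10.34.8.20"),   # VLAN 8 to a remote VLAN 8
        ("10.33.8.20", "10.34.9.20"),   # VLAN 8 to another remote subnet
        ("10.99.1.5", "192.0.2.10"),    # unrelated 10.x host to anywhere
    ]
    for src, dst in samples:
        print(src, "->", dst,
              "posted:", evaluate(posted, src, dst),
              "racl:", evaluate(racl, src, dst))
```

With the 0.255.255.255 wildcard only the first octet is compared, so each posted entry matches any 10.x.x.x source going to any destination.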
