Network Management

ACL for VLAN

  • 1.  ACL for VLAN

    Posted 15 days ago

    Dear Friends, 

    Now I would like to apply an ACL to our new guest network. I need a bit of help with the switch config (ArubaOS-CX 8360 core switch).

    The new guest network has been added to our ClearPass, using VLAN 150, and it is now working. It is getting IP addresses from our Windows DHCP servers in the production network, VLAN 102. Devices on VLAN 150 can reach different VLANs at the moment.

    If I want to apply an access list to VLAN 150 to deny access to everything in the other VLANs (108, 100, etc.), how could I define this access list to deny any devices in VLAN 150 from reaching the rest of the production network?

    Thanks

    ML



    ------------------------------
    Becoming a Networking Engineer
    ------------------------------


  • 2.  RE: ACL for VLAN

    Posted 11 days ago
    Any updates please? 

    Thanks




  • 3.  RE: ACL for VLAN

    Posted 9 days ago
    Hi ML,
    I will soon be doing the same and am curious how you do that, and I would like to take it one step further.  Once the ACLs are on the core, can they be pushed out to the edge CX switches for enforcement?
    Kris


  • 4.  RE: ACL for VLAN

    Posted 9 days ago
    Hi Kris, 

    If you use a VLAN ACL, it will restrict whatever ACL you defined for that particular VLAN, regardless of core or edge switch. Network traffic will be routed to the gateway on your core switch first.

    Hopefully it helps.
    ML




  • 5.  RE: ACL for VLAN

    Posted 8 days ago
    Yes, that I understand.  I guess for the ACL to be applied at the edge, the edge switch would have to be the router for that VLAN.  That makes perfect sense, thanks for your response!
    Kris
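
One way to write the VLAN ACL the thread asks about, as an added example that is not from any poster or from Aruba documentation. The ACL name `GUEST-ISOLATE`, the resolver address `10.102.0.10`, and the assumption that every production VLAN sits inside RFC 1918 space are all constructed for illustration; substitute your own subnets.

```text
! Added example: ACL name and addresses are constructed, not taken from the thread.
access-list ip GUEST-ISOLATE
    ! DHCP must stay reachable: client broadcasts and unicast renewals (udp/67)
    ! go to the Windows DHCP servers in VLAN 102.
    10 permit udp any any eq 67
    ! DNS to a single internal resolver only (constructed address).
    20 permit udp any 10.102.0.10 eq 53
    30 permit tcp any 10.102.0.10 eq 53
    ! Deny all private address space, assumed to cover VLANs 100, 102, 108, etc.
    ! "count" keeps hit counters so blocked attempts are visible.
    40 deny any any 10.0.0.0/8 count
    50 deny any any 172.16.0.0/12 count
    60 deny any any 192.168.0.0/16 count
    ! Everything that is left (internet-bound traffic) is allowed.
    70 permit any any any
!
! Apply as a VLAN ACL so it filters traffic entering VLAN 150.
vlan 150
    apply access-list ip GUEST-ISOLATE in
```

Entries are evaluated in sequence order, so the permits for DHCP and DNS have to come before the denies. If guests authenticate through a ClearPass captive portal, a permit for that server's address also has to precede entry 40.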
