Network Management

kmd
Contributor II

ACL

Hi All.

I believe I need to create an ACL as I would like to block all traffic from vLan 201 (172.16.200.0 - 255.255.254.0) from getting to the default vLan001 (10.0.0.0 - 255.0.0.0), and vice versa, but need 172.16.200.x to access the internet.

Internet Gateway is 10.1.10.41 - 255.0.0.0

How would I be able to accomplish this? ACLs confuse the heck out of me.

Thank you.

MVP Guru

Re: ACL

Which device are you trying to configure this on? ACLs work from top down (so the first rule that is matched will be used...) with an explicit deny at the end.

In your case, I assume 172.16.200.0/255.255.254.0 is the source VLAN of the SSID. Your first rule would be to deny ANY (source VLAN) traffic to 10/8, then the remaining rules (I've used the below as an example for allowing DNS, HTTP & HTTPS) would permit your Internet access traffic.


ACL.png


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
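
The first-match evaluation described in the reply above, as an added example that is not part of the original post or the contents of the ACL.png screenshot. The rule list follows the reply's description (deny to 10/8 first, then DNS, HTTP and HTTPS); the host addresses in the checks are constructed, and the resolver at 10.1.10.41 is an assumption used to show that a DNS server inside 10/8 is caught by the first deny.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network (CIDR)
    dst: str               # destination network (CIDR)
    proto: Optional[str]   # None matches any protocol
    port: Optional[int]    # None matches any destination port

VLAN201 = "172.16.200.0/23"   # 172.16.200.0 / 255.255.254.0 from the thread
ANY = "0.0.0.0/0"

# Rule order as described in the reply (assumed; the screenshot is not available).
ACL = [
    Rule("deny",   VLAN201, "10.0.0.0/8", None,  None),
    Rule("permit", VLAN201, ANY,          "udp", 53),
    Rule("permit", VLAN201, ANY,          "tcp", 80),
    Rule("permit", VLAN201, ANY,          "tcp", 443),
]

def evaluate(acl, src, dst, proto, port):
    """Return (action, rule_number) of the first matching rule.
    Falls through to a final deny, reported with rule_number None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, rule in enumerate(acl, start=1):
        if s not in ipaddress.ip_network(rule.src):
            continue
        if d not in ipaddress.ip_network(rule.dst):
            continue
        if rule.proto is not None and rule.proto != proto:
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action, number
    return "deny", None

if __name__ == "__main__":
    # Constructed sample flows from a VLAN 201 client.
    flows = [
        ("172.16.200.15", "10.0.0.20",    "tcp", 445),  # to default VLAN
        ("172.16.201.9",  "203.0.113.10", "tcp", 443),  # HTTPS to the internet
        ("172.16.200.15", "10.1.10.41",   "udp", 53),   # DNS to a 10/8 resolver
        ("172.16.200.15", "203.0.113.10", "tcp", 22),   # not in any permit rule
    ]
    for flow in flows:
        print(flow, "->", evaluate(ACL, *flow))
```

If VLAN 201 clients resolve names through a server inside 10.0.0.0/8, a narrower permit for that server has to sit above the deny rule, since a permit placed below it is never reached.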
kmd
Contributor II

Re: ACL

Thanks for the response.

I am using an S2500 as my router.

I do have other vlans, but they are allowed to access the 10.0.0.0 subnet (Vlan001).

With the ACL that you provided, how could I allow 192.168.40.0 255.255.248.0 access?

Thanks again. I really appreciate it.
