11-16-2018 07:21 PM
I believe I need to create an ACL, as I would like to block all traffic from VLAN 201 (172.16.200.0 - 255.255.254.0) from getting to the default VLAN 001 (10.0.0.0 - 255.0.0.0), and vice versa, but need 172.16.200.x to access the internet.
Internet Gateway is 10.1.10.41 - 255.0.0.0
How would I be able to accomplish this? ACLs confuse the heck out of me.
11-17-2018 01:48 AM
Which device are you trying to configure this on? ACLs work from the top down (so the first rule that is matched will be used...) with an explicit deny at the end.
In your case, I assume 172.16.200.0/255.255.254.0 is the source VLAN of the SSID. Your first rule would be to deny ANY (source VLAN) traffic to 10/8, then the remaining rules (I've used the below as an example for allowing DNS, HTTP & HTTPS) would permit your Internet access traffic.
ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
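A model of the first-match evaluation described in the reply above, as an added example that is not part of the original post and is not S2500 configuration syntax. The rule tuple layout, the function names and the sample packets are constructed; only the two subnets come from the thread.

```python
import ipaddress

# Subnets from the thread; everything else here is an illustrative model.
GUEST = ipaddress.ip_network("172.16.200.0/255.255.254.0")
INTERNAL = ipaddress.ip_network("10.0.0.0/255.0.0.0")
ANY = ipaddress.ip_network("0.0.0.0/0")

# (source, destination, protocol, dst port, action); None matches any value.
ACL = [
    (GUEST, INTERNAL, None, None, "deny"),   # block guest VLAN -> 10/8 first
    (GUEST, ANY, "udp", 53, "permit"),       # DNS
    (GUEST, ANY, "tcp", 80, "permit"),       # HTTP
    (GUEST, ANY, "tcp", 443, "permit"),      # HTTPS
    (ANY, ANY, None, None, "deny"),          # deny at the end of the list
]

def evaluate(acl, src, dst, proto, port):
    """Return (rule index, action) of the first rule the packet matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (r_src, r_dst, r_proto, r_port, action) in enumerate(acl):
        if (s in r_src and d in r_dst
                and r_proto in (None, proto)
                and r_port in (None, port)):
            return i, action
    return None, "deny"

def misordered(acl):
    """Same rules, but with the 10/8 deny moved below the three permits."""
    return acl[1:4] + acl[:1] + acl[4:]

if __name__ == "__main__":
    # Constructed sample packets (203.0.113.10 is a documentation address).
    packets = [
        ("172.16.200.25", "10.0.5.20", "tcp", 443),    # guest -> internal HTTPS
        ("172.16.201.7", "203.0.113.10", "tcp", 443),  # guest -> internet HTTPS
        ("172.16.200.25", "10.1.10.41", "udp", 53),    # guest -> DNS inside 10/8
        ("172.16.200.25", "203.0.113.10", "tcp", 22),  # guest -> internet SSH
    ]
    for p in packets:
        print(p, evaluate(ACL, *p), evaluate(misordered(ACL), *p))
```

With the deny listed first, guest traffic to any 10/8 address is dropped before the service permits are consulted; with the deny listed after them, the same HTTPS packet to 10.0.5.20 is permitted.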
11-18-2018 09:34 AM
Thanks for the response.
I am using an S2500 as my router.
I do have other VLANs, but they are allowed to access the 10.0.0.0 subnet (VLAN 001).
With the ACL that you provided, how could I allow 192.168.40.0 255.255.248.0 access?
Thanks again. I really appreciate it.