JeffM_1
Occasional Contributor

5400zl ACL question

I have 3 VLANs (1, 11, 12) set up with the addresses below, and I want to create a named ACL to block all internet access from VLAN 12 but allow all traffic to the rest of my domain (10.0.0.0) only. What is the best way to do this?

VLAN 1 | 10.40.0.0 255.255.0.0
VLAN 11 | 10.41.0.0 255.255.0.0
VLAN 12 | 10.42.0.0 255.255.0.0


Thanks,
Jeff
Mohammed Faiz
Honored Contributor

Re: 5400zl ACL question

Hi,

That's fairly simple, assuming you are routing VLAN 12 on your 5400 you'd want something like this:

ip access-list extended VLAN_12_ACL_IN
permit ip 10.42.0.0 0.0.255.255 10.0.0.0 0.255.255.255

vlan 12 ip access-group VLAN_12_ACL_IN in
JeffM_1
Occasional Contributor

Re: 5400zl ACL question

Thanks Mohammed,

Yep, I do have all 3 VLANs routed. Will I also have to add another line for "permit icmp" to allow ping for troubleshooting?
Mohammed Faiz
Honored Contributor

Re: 5400zl ACL question

Hi,

No, you shouldn't need to add anything to allow hosts on VLAN 12 to ping other hosts on the 10.0.0.0/8 network (ICMP traffic is IP traffic).
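To make the two answers above concrete (the permit entry with wildcard masks, the implicit deny at the end, and why ICMP needs no separate line), here is a small Python model of how such an ACL is evaluated. It is an added example, not code from this thread or from HPE; the 10.42.0.0/0.0.255.255 and 10.0.0.0/0.255.255.255 values come from the reply above, and the test flows are constructed.

```python
import ipaddress

# The ACL from the thread, modelled as ordered entries:
# (action, protocol, src, src_wildcard, dst, dst_wildcard).
# ProCurve-style wildcard masks: a 1 bit means "don't care".
VLAN_12_ACL_IN = [
    ("permit", "ip", "10.42.0.0", "0.0.255.255", "10.0.0.0", "0.255.255.255"),
]


def _ip_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under the wildcard mask (1 bits are ignored)."""
    care = 0xFFFFFFFF ^ _ip_int(wildcard)
    return (_ip_int(addr) & care) == (_ip_int(base) & care)


def evaluate(acl, protocol, src, dst):
    """Walk the entries in order; the first match decides, otherwise implicit deny."""
    for action, proto, sbase, swild, dbase, dwild in acl:
        # The "ip" keyword covers every IP protocol, so icmp/tcp/udp all match it.
        proto_ok = proto == "ip" or proto == protocol
        if proto_ok and wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "deny"  # implicit deny at the end of every ACL


if __name__ == "__main__":
    # Constructed flows entering the switch from VLAN 12 hosts.
    flows = [
        ("icmp", "10.42.1.10", "10.40.0.5"),   # ping to VLAN 1: permitted
        ("tcp", "10.42.1.10", "10.41.3.3"),    # VLAN 11: permitted
        ("tcp", "10.42.1.10", "8.8.8.8"),      # internet: denied
        ("icmp", "10.42.1.10", "1.1.1.1"),     # ping to internet: also denied
    ]
    for proto, src, dst in flows:
        print(f"{proto:5} {src:>12} -> {dst:<12} {evaluate(VLAN_12_ACL_IN, proto, src, dst)}")
```

Note that this models only the inbound direction on VLAN 12 (traffic sourced by its hosts); replies from 10.0.0.0/8 hosts back into VLAN 12 are not evaluated by an "in" ACL on that VLAN.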