Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Help with ACLs please

SOLVED
Go to solution
MDF
Occasional Advisor

Help with ACLs please

What's wrong with this ACL? My intention is to block all traffic to the PRODUCTION vlan and only allow access to the servers on 172.19.64.0/24 network.

It's not working for me.


ip access-list standard "ServerOnly"
permit 172.19.64.0 0.0.0.255
exit

vlan 50
name "PRODUCTION"
untagged B8-B14
ip address 10.10.10.254 255.255.255.0
ip helper-address 172.19.64.253
ip access-group "ServerOnly" out
exit
1 REPLY
Mohieddin Kharnoub
Honored Contributor
Solution

Re: Help with ACLs please

Hi

You can't use a Standard ACL in this case my friend, you need an Extended one since you want to permit something going to a specific destination and deny something from a specific source.

Based on my understanding to your requirements,and if i'm not wrong, the ACL should be like this :

ip access-list extended "SrvOnly"
permit ip any 172.19.64.0 0.0.0.255
exit

vlan 50
name "PRODUCTION"
untagged B8-B14
ip address 10.10.10.254 255.255.255.0
ip helper-address 172.19.64.253
ip access-group "SrvOnly" out
exit

Good Luck !!!
Science for Everyone