Cisco 3550 and ACL on VLAN
- From: "Elia S." <admin@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 2 May 2012 11:20:48 +0200
Hello!
I have one Cisco 3550-24-EMI with 3 VLANs on it.
VLAN1 default 172.16.0.100/23
VLAN2: 172.16.2.254/24
VLAN4: 172.16.4.254/24
I would like to set an ACL on each VLAN (incoming) to filter traffic from hosts within the VLAN going out to other VLANs,
for example from a host in VLAN4, 172.16.4.10/24, going to 0.0.0.0 (any).
This is an example of the ACL.
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 permit ip 10.0.0.0 0.0.0.15 any
access-list 181 deny ip any any log
I would like to filter some traffic using the horsepower of the switch, instead of leaving it to go to our core router to be filtered before exiting our network.
Problems:
If I apply ACL 181 on VLAN4 (ip access-group 181 in), it doesn't match.
Can someone point me in the right direction?
Thank you
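An added example, not part of the original post: a small Python model of extended-ACL evaluation (top-down, first match, wildcard masks, implicit deny) run over ACL 181 as posted, with the wrapped `range` line joined. It parses only the syntax this ACL uses; the function names and the sample packets in the usage note are constructed for illustration.

```python
import ipaddress

# ACL 181 as posted in the message above.
ACL_181 = """\
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 permit ip 10.0.0.0 0.0.0.15 any
access-list 181 deny ip any any log
"""
PORT_NAMES = {"tftp": 69, "netbios-ns": 137, "netbios-ss": 139}  # keywords used above

def ip(s):
    return int(ipaddress.IPv4Address(s))

def port(s):
    return PORT_NAMES.get(s) or int(s)

def parse(line):
    t = line.split()[2:]                      # drop "access-list 181"
    if t[2] == "any":
        net, wild, rest = 0, 0xFFFFFFFF, t[4:]
    else:                                     # source wildcard, then destination "any"
        net, wild, rest = ip(t[2]), ip(t[3]), t[5:]
    lo, hi = 0, 65535
    if rest[:1] == ["eq"]:
        lo = hi = port(rest[1])
    elif rest[:1] == ["range"]:
        lo, hi = port(rest[1]), port(rest[2])
    return t[0], t[1], net, wild, lo, hi

def evaluate(acl, proto, src, dport):
    """Return (entry_number, action) for the first entry the packet matches."""
    for n, line in enumerate(acl.splitlines(), 1):
        action, p, net, wild, lo, hi = parse(line)
        # Wildcard mask: 1 bits are "don't care", so only the 0 bits must agree.
        src_ok = ((ip(src) ^ net) & ~wild & 0xFFFFFFFF) == 0
        if p in ("ip", proto) and src_ok and lo <= dport <= hi:
            return n, action
    return None, "deny"                       # implicit deny ends every ACL
```

In this model, `evaluate(ACL_181, "tcp", "172.16.4.10", 445)` stops at entry 6 (deny), while the same port from `10.0.0.9` reaches entry 12 (permit), because every deny entry is scoped to source 172.16.0.0/16.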