Cisco 3550 and ACL on VLAN

Hello!

I have one Cisco 3550-24-EMI with 3 VLANs on it.

VLAN1 default 172.16.0.100/23
VLAN2: 172.16.2.254/24
VLAN4: 172.16.4.254/24

I would like to set an ACL on each VLAN (incoming) to filter traffic from hosts within the VLAN going out to other VLANs, for example from a host in VLAN4, 172.16.4.10/24, going to 0.0.0.0 (any).

This is an example of the ACL.

access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 permit ip 10.0.0.0 0.0.0.15 any
access-list 181 deny ip any any log

I would like to filter some traffic using the horsepower of the switch, instead of letting it go to our core router to be filtered before exiting our network.

Problems:

If I apply the ACL 181 in the vlan4 (ip access-group 181 in) it doesn't match.

Can someone point me in the right direction?

Thank you

Elia S.

What happens with this configuration?

张小哲

If I apply the ACL 181 in the vlan4 (ip access-group 181 in) it doesn't match.

I still need to apply the ACL on my border router, and it is eating CPU

Elia S.
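
An offline check of how ACL 181, as posted at the top of the thread, evaluates under IOS first-match and wildcard-mask rules. This is an added example, not part of any post in the thread; the parser covers only the syntax this list uses, and the sample packet (destination 192.0.2.1) is constructed.

```python
import ipaddress

# ACL 181 exactly as posted in the thread, one entry per line.
ACL_181 = """\
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq tftp
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 135
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any range 137 139
access-list 181 deny udp 172.16.0.0 0.0.255.255 any range netbios-ns netbios-ss
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 445
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny udp 172.16.0.0 0.0.255.255 any eq 593
access-list 181 deny tcp 172.16.0.0 0.0.255.255 any eq 4444
access-list 181 permit ip 172.16.0.0 0.0.255.255 any
access-list 181 permit ip 10.0.0.0 0.0.0.15 any
access-list 181 deny ip any any log
"""
NAMED_PORTS = {"tftp": 69, "netbios-ns": 137, "netbios-ss": 139}  # IOS port keywords used above

def _spec(t):
    """Consume 'any' or 'base wildcard' and return (base, wildcard) as ints."""
    if t[0] == "any":
        t.pop(0)
        return 0, 0xFFFFFFFF
    return tuple(int(ipaddress.IPv4Address(t.pop(0))) for _ in range(2))

def parse(text):
    rules = []
    for line in text.splitlines():
        t = line.split()[2:]  # drop "access-list 181"
        action, proto, src, dst = t.pop(0), t.pop(0), _spec(t), _spec(t)
        p = [NAMED_PORTS.get(x) or int(x) for x in t[1:] if x != "log"]
        ports = (p[0], p[-1]) if p else (0, 65535)  # "eq N" or "range A B"
        rules.append((action, proto, src, dst, ports, line))
    return rules

def _hit(ip, spec):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return (int(ipaddress.IPv4Address(ip)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def evaluate(rules, proto, src, dst, dport=0):
    """Return (action, matching entry); the first matching entry wins."""
    for action, rproto, rsrc, rdst, (lo, hi), line in rules:
        if rproto in ("ip", proto) and _hit(src, rsrc) and _hit(dst, rdst) and lo <= dport <= hi:
            return action, line
    return "deny", "(implicit deny)"

RULES = parse(ACL_181)
print(evaluate(RULES, "tcp", "172.16.4.10", "192.0.2.1", 445))  # constructed packet from the VLAN4 host
```

This models only the list's own matching logic; it says nothing about how the 3550 applies the list to traffic arriving on the VLAN interface.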
