Unsolved

1 Rookie

4 Posts

February 23rd, 2024 15:52

VLAN interfaces and ACLs

Hi, I am trying to stop traffic from reaching a VLAN with the following ACL:

ip access-list my-acl

10 deny 172.16.0.0 0.0.3.255 any

100 permit every

Then it makes sense in my head to add the ACL to the VLAN interface inbound, but that doesn't work. When I set the ACL outbound on the VLAN interface it does work.

Can anyone explain what I am misunderstanding here as it seems logical that I want to deny source IPs ingress to the interface but that does not seem to be the behaviour here.

Thanks

Moderator

3.7K Posts

February 27th, 2024 03:03

Hello, thanks for choosing Dell and welcome to our community. What is the firmware switch model and operating system (os6, os9 or os10)? Respectfully,

1 Rookie

4 Posts

February 27th, 2024 12:56

Hi, it is on an N4032F with firmware 6.5.4.21

Thanks

Moderator

8.5K Posts

February 27th, 2024 13:27

Nickscs,

To me it looks like you didn't include the interface type (UDP, TCP, or ICMP) in the 10 command, and it looks like you have to make a rule for each, as seen here

Let me know if this helps.

1 Rookie

4 Posts

March 1st, 2024 09:46

Thanks, yes, the ACE is 10 deny ip 172.16.0.0 0.0.3.255 any

However my question is about the logic of traffic flow in and out of a VLAN interface.

I want to restrict traffic from this range from going into a VLAN interface; however, when I place this inbound on the interface it does not work, and it does work when I apply it outbound on the interface. This seems counterintuitive, so I think I am misunderstanding.

Moderator

3.7K Posts

March 4th, 2024 04:14

Hello, could you try this?

ip access-list my-acl
10 deny 172.16.0.0 0.0.3.255 any
"100 permit every"

https://dell.to/42ZQeTy

Respectfully, 
