Extended ACL on DELL OS9 9.14.2.6 about one way vlan communication.
Greetings Everyone.
So... My question is if it's possible to create an extended ACL to put on a vlan interface in order to block traffic one way? Meaning. I have some vlans. I don't want them to talk to one specific vlan but that vlan must be able to do so (so first I thought an extended acl to this vlan in engress so I don't need to put it anywhere else) ... But I can't seem to do so... I experimented in gns3 with os10 but I think it's the same thing/problem... The switch is doing the intervlan routing also...
I understand that a firewall can achieve this easily. Is it possible without one? From my understanding from reading online this isn't really possible since there will always be a reply that's blocked from the stateless inspection of the ACL.... Is this correct? ... and if yes, are there any alternative capabilities in the os 9 9.14.2.6 version I can use to achieve this???
Thanks Everyone!
DELL-Chris H
Moderator
June 6th, 2023 11:00
Antvas,
I am not aware of how to configure it in a way to accomplish what you are asking for, short of a firewall as you stated previously.
Sorry I wasn't able to be more helpful.
antvas
1 Rookie
June 8th, 2023 05:00
Thank you Chris for your reply and your time!!
So...
I think the best I can do is make deny tcp and specify which services to cut... with a permit ip any any at the end.
I searched the configuration guide but I didn't see if the OS9 9.14.2.6 can use range in the [portnumber] variable of the command. I can't try it out unfortunately. Is something like that supported? And forgive my naive question but I can summarize my vlan subnets to save on complexity, correct?
At least... I can't think of anything else to emulate what I wish to achieve...
Thank you.
antvas
1 Rookie
June 8th, 2023 06:00
Thank you Chris.
I haven't configured vlan acls to be truthful. Ever. I'll proceed to read and if I get a chance to try it out I'll continue to post...
Thank you.
DELL-Chris H
Moderator
June 8th, 2023 06:00
Antvas,
I believe that is indeed the case, but am not 100% certain on that. Page 321 of the guide here should help though.
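Added example (not posted by anyone in this thread, and not Dell OS9 syntax): a small Python model of first-match, stateless ACL evaluation showing why a plain deny toward the protected VLAN also drops replies to connections that VLAN opened, and how a TCP-flag ("established"-style) permit changes that for TCP only. The subnets, rule lists and the `established` field are assumptions made for illustration; whether OS9 9.14.2.6 offers such a match is not stated in the thread.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed addressing (not from the thread): VLAN 10 protected, VLAN 20 users.
PROTECTED, USERS, ANY = (ip_network(n) for n in
                         ("10.0.10.0/24", "10.0.20.0/24", "0.0.0.0/0"))

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    flags: frozenset = frozenset()   # TCP flags carried by this segment

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    src: IPv4Network
    dst: IPv4Network
    established: bool = False        # hypothetical: match only if ACK or RST is set

def evaluate(acl, pkt):
    """Stateless first-match evaluation with an implicit deny at the end."""
    for r in acl:
        if r.proto not in ("ip", pkt.proto):
            continue
        if ip_address(pkt.src) not in r.src or ip_address(pkt.dst) not in r.dst:
            continue
        # Flag matching inspects one segment; it is not connection tracking.
        if r.established and not (pkt.flags & {"ACK", "RST"}):
            continue
        return r.action
    return "deny"

# Plain one-way block: every packet users -> protected is dropped, replies included.
NAIVE = [Rule("deny", "ip", USERS, PROTECTED), Rule("permit", "ip", ANY, ANY)]
# Same block, preceded by a flag-based permit for TCP return traffic.
WITH_ESTABLISHED = [Rule("permit", "tcp", USERS, PROTECTED, established=True)] + NAIVE

# Constructed packets, all travelling users -> protected.
SAMPLES = {
    "new_tcp_syn": Packet("10.0.20.5", "10.0.10.9", "tcp", frozenset({"SYN"})),
    "tcp_reply_synack": Packet("10.0.20.5", "10.0.10.9", "tcp", frozenset({"SYN", "ACK"})),
    "udp_reply": Packet("10.0.20.5", "10.0.10.9", "udp"),
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in SAMPLES.items()}
```

In this model UDP and ICMP replies stay blocked because they carry no flags to match on, which is the gap a stateful firewall closes.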