1 Rookie
10 Posts
December 5th, 2024 19:46
How to create a best practice of ACLs in a large network
Hello everyone,
I am implementing security on my network in relation to VLANs and I want to use ACLs for this.
However, the documentation left me a little confused regarding access.
What is the command I use to block the network (example) 192.168.2.0/24 to the 192.168.3.0/24 network? Is it necessary to install a service such as SSH, Telnet, ping, etc.?
Another thing: I will do this for separate VLANs. Must I create a group for each one and block the necessary networks and allow the necessary ones?
I am talking about a Dell 6248.
DELL-Joey C
Moderator
3.9K Posts
December 10th, 2024 01:14
Hi,
To apply at the VLAN level, you may need to go into the VLAN interface and apply the access-group configuration, e.g.:
interface vlan 20
ip access-group test in
exit
interface vlan 10
ip access-group test2 out
exit
DELL-Joey C
Moderator
3.9K Posts
December 6th, 2024 05:54
Hi,
Well, if you just want to block the network IP https://dell.to/41kHloQ to the https://dell.to/3B5J0UN, this is what the command looks like, where 'test' is just the example access list name.
console(config)#access-list test deny 192.168.2.0 255.255.255.0 192.168.3.0 255.255.255.0
console(config)#access-list test permit any
If you were to create VLANs and block access between groups, this is what the commands look like after you have created the VLANs. Also, the access-list name and access-group name must be the same during configuration, else the ACL would not work:
console(config)#interface vlan 20
console(config)#ip access-group test in
console(config)#exit
console(config)#interface vlan 10
console(config)#ip access-group test2 in
console(config)#exit
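The moderator's two pieces are an access list (deny rules followed by permit any) and an access-group binding on the VLAN interface, with the caveat that the two names must match. The script below is an added example, not Dell's code or anything from the thread: it generates that configuration for a small constructed VLAN table in the same syntax the post uses, checks that every applied access-group name refers to a defined access-list, and walks an ACL the way a switch does (top to bottom, first match wins) so you can see why the trailing permit any matters. The VLAN ids, subnets and policy are assumptions chosen to match the thread's 192.168.2.0/24 -> 192.168.3.0/24 example.

```python
import ipaddress

# Constructed inventory (assumption, not from the thread): VLAN id -> subnet.
VLANS = {
    10: ipaddress.ip_network("192.168.1.0/24"),
    20: ipaddress.ip_network("192.168.2.0/24"),
    30: ipaddress.ip_network("192.168.3.0/24"),
}

# Constructed policy: which VLANs each VLAN must not reach.
BLOCKED = {
    20: [30],       # the thread's example: 192.168.2.0/24 -> 192.168.3.0/24
    30: [10, 20],
}


def build_acl(name, src_net, dst_nets):
    """Access-list lines for one source subnet, in the post's
    'network netmask network netmask' form, ending with 'permit any'."""
    lines = []
    for dst in dst_nets:
        lines.append(
            f"access-list {name} deny {src_net.network_address} {src_net.netmask} "
            f"{dst.network_address} {dst.netmask}"
        )
    # Without this line nothing else matches, and the ACL's implicit deny
    # would block all traffic from the VLAN.
    lines.append(f"access-list {name} permit any")
    return lines


def apply_acl(vlan_id, name, direction="in"):
    """Bind the named ACL to the VLAN interface, as in the post."""
    return [f"interface vlan {vlan_id}", f"ip access-group {name} {direction}", "exit"]


def generate_config(vlans, blocked):
    """Full CLI snippet: all access-lists first, then the interface bindings."""
    config = []
    for vlan_id, dst_ids in sorted(blocked.items()):
        config += build_acl(f"vlan{vlan_id}-acl", vlans[vlan_id], [vlans[d] for d in dst_ids])
    for vlan_id in sorted(blocked):
        config += apply_acl(vlan_id, f"vlan{vlan_id}-acl")
    return config


def check_names(config):
    """The moderator's caveat: every 'ip access-group NAME' must name a defined
    'access-list NAME'. Returns the dangling names (empty list means OK)."""
    defined = {line.split()[1] for line in config if line.startswith("access-list ")}
    applied = {line.split()[2] for line in config if line.startswith("ip access-group ")}
    return sorted(applied - defined)


def acl_decision(acl_lines, src_ip, dst_ip):
    """Evaluate one ACL for a src/dst pair: first matching rule wins; if no
    rule matches, the implicit deny at the end of the list applies."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for line in acl_lines:
        parts = line.split()          # access-list NAME ACTION [src mask dst mask | any]
        action = parts[2]
        if parts[3] == "any":
            return action
        s = ipaddress.ip_network(f"{parts[3]}/{parts[4]}", strict=False)
        d = ipaddress.ip_network(f"{parts[5]}/{parts[6]}", strict=False)
        if src in s and dst in d:
            return action
    return "deny"


if __name__ == "__main__":
    cfg = generate_config(VLANS, BLOCKED)
    print("\n".join(cfg))
    print("dangling access-group names:", check_names(cfg))
    acl20 = [l for l in cfg if l.startswith("access-list vlan20-acl")]
    print("20 -> 30:", acl_decision(acl20, "192.168.2.10", "192.168.3.10"))
    print("20 -> 10:", acl_decision(acl20, "192.168.2.10", "192.168.1.10"))
```

Running it prints the generated access-list and interface lines, reports no dangling names, and shows the 192.168.2.0/24 host denied to 192.168.3.0/24 but permitted elsewhere; drop the final permit any line from `acl20` and the second lookup flips to deny, which is the failure mode the explicit permit any guards against.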
guiabreufranca
1 Rookie
10 Posts
December 9th, 2024 15:40
Hi, I think I am understanding now how it works.
So I see that if I do that on my switch, it is going to be a little troublesome because there are too many VLANs.
Is there a way to apply this with VLANs (example)
access-list "name" deny ip vlan10 vlan20?