Is it possible in ACL? Let's say the IT dept. can ping all other devices in the other dept., but all other devices in the other dept. can't ping the IT dept.? Thanks
@TerryHenry 2 years ago
Sure, ACLs are one direction so you could just create an extended ACL in to deny icmp echo to the IT department and then permit ip any any. It will deny ping (echo) but allow ping replies (echo-reply)
@ataris2548 2 years ago
@@TerryHenry I forgot to include ACL in VLAN
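The first-match behaviour behind the reply above, as an added example that is not from the original thread: a small Python model of an inbound extended ACL on the other department's VLAN. The subnets, host addresses and helper names are constructed for illustration, and no vendor syntax is implied.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IT_NET = ipaddress.ip_network("10.0.10.0/24")  # constructed: IT department subnet
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str                        # "icmp", or "ip" to match every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    icmp_type: Optional[str] = None   # "echo", "echo-reply"; None = any type

# Inbound ACL on the other department's VLAN, in the order the reply gives.
USER_VLAN_IN = [
    Rule("deny", "icmp", ANY, IT_NET, "echo"),
    Rule("permit", "ip", ANY, ANY),
]

def matches(rule, proto, src, dst, icmp_type):
    if rule.proto not in ("ip", proto):
        return False
    if rule.icmp_type is not None and rule.icmp_type != icmp_type:
        return False
    return (ipaddress.ip_address(src) in rule.src
            and ipaddress.ip_address(dst) in rule.dst)

def evaluate(acl, proto, src, dst, icmp_type=None):
    """First match wins, top down; no match falls to the implicit deny."""
    for rule in acl:
        if matches(rule, proto, src, dst, icmp_type):
            return rule.action
    return "deny"

def verdicts():
    user, it = "10.0.20.5", "10.0.10.7"  # constructed hosts
    return {
        "user pings IT": evaluate(USER_VLAN_IN, "icmp", user, it, "echo"),
        "user answers IT's ping": evaluate(USER_VLAN_IN, "icmp", user, it, "echo-reply"),
        "user TCP to IT": evaluate(USER_VLAN_IN, "tcp", user, it),
        "permit listed first, user pings IT": evaluate(USER_VLAN_IN[::-1], "icmp", user, it, "echo"),
    }

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

The last case reverses the rule order: with permit ip any any on top, the echo deny is never reached.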
@maximos2111 2 years ago
Any tips to be able to ping the VE interface if we apply the ACL "in" on the vlan?
@TerryHenry 2 years ago
Sure, you didn't say standard or extended but ACLs are always processed top down so at the beginning use a permit icmp any host
@maximos2111 2 years ago
@@TerryHenry Thanks for the answer, but I already tried this and I don't know why it doesn't work. I'll open a ticket. Thanks
@martoni7473 3 years ago
I tested in switch mode: the ACL is also applied on trunk port / uplink ... Is there a way to avoid the ACL on trunk? (I restrict IP range on user port with ACL port / port. If I apply ACL on VLAN, I lose internet traffic)
@TerryHenry 3 years ago
The ACL is going to apply to every port in the VLAN. Either just apply to individual interfaces or add another ACL to your uplink with a permit ip any any which will override the VLAN ACL for priority.
@martoni7473 3 years ago
@@TerryHenry Thanks a lot, it's working, excellent tips !