Ethernet Switches & Routers

Reply
Occasional Contributor
davidengel
Posts: 8
Registered: ‎12-17-2012

ACL on VLAN

I apologize if this a duplicate/similar posting. I browsed through the website and didn't quite find the answer I was looking for. I am also pretty new to Brocade so I just may have missed it. Here is my question, I have 4 FCX-648S stacked switches for my core switches. We have a couple dozen VLANs on these switches. One of these VLANs is setup to split the internet between two firewalls for firewall HA purposes. To make a long story short we want to block access to some private IPs on the ISP's network. We want to block all outbound traffic to any IP on the 10.0.0.0 network. This particular VLAN, however does not have a ve interface. So I'll need to create one, which I have never done before so I am wondering if the following config will do the trick??

Brocade(config)# vlan 96

Brocade(config-vlan-96)# router-interface ve 96
Brocade(config-vlan-96)# exit

Brocade(config)# access-list 96 deny 10.0.0.0 0.255.255.255 log
Brocade(config)# interface ve 96
Brocade(config-vif-1/1)# ip access-group 96 out ethernet 1/1/26 ethernet 2/1/26 ethernet 3/1/26

So, I went into vlan 96, added ve interface 96. I created acl 96 to deny traffic on the 10.0.0.0 network. I added acl 96 outbound to the above listed interfaces. Anything wrong with that logic?

Thanks in advance for your thoughts and comments.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.