Ethernet Switches & Routers

Occasional Contributor
Posts: 9
Registered: ‎12-17-2012


I apologize if this a duplicate/similar posting. I browsed through the website and didn't quite find the answer I was looking for. I am also pretty new to Brocade so I just may have missed it. Here is my question, I have 4 FCX-648S stacked switches for my core switches. We have a couple dozen VLANs on these switches. One of these VLANs is setup to split the internet between two firewalls for firewall HA purposes. To make a long story short we want to block access to some private IPs on the ISP's network. We want to block all outbound traffic to any IP on the network. This particular VLAN, however does not have a ve interface. So I'll need to create one, which I have never done before so I am wondering if the following config will do the trick??

Brocade(config)# vlan 96

Brocade(config-vlan-96)# router-interface ve 96
Brocade(config-vlan-96)# exit

Brocade(config)# access-list 96 deny log
Brocade(config)# interface ve 96
Brocade(config-vif-1/1)# ip access-group 96 out ethernet 1/1/26 ethernet 2/1/26 ethernet 3/1/26

So, I went into vlan 96, added ve interface 96. I created acl 96 to deny traffic on the network. I added acl 96 outbound to the above listed interfaces. Anything wrong with that logic?

Thanks in advance for your thoughts and comments.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.