ACLs for segmentation

BenSimanek
Conversationalist

ACLs for segmentation

Anybody have any good resources or examples of ACLs used for segmentation? I've created VLANs on my MS250, but now need to deny and allow traffic between certain VLANs. I've come across the documentation links, "Switch ACL Operation" and "Configuring ACLs", but still look for more examples.

 

3 REPLIES 3
DarrenOC
Kind of a big deal
Kind of a big deal

Hi @BenSimanek 

 

MS Best Practice, there's some information within:

 

https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
PhilipDAth
Kind of a big deal
Kind of a big deal

Also not that MS L3 ACLs are stateless.  This can start making things tricky if you use them on multiple VLANs and want to do anything other than a layer 3 ACL.

BenSimanek
Conversationalist

Thanks for the replies.

The Best Practices showed me how to combine the ACLs. However the final rule leaves out TCP traffic that was being deny above.

The stateless nature of the ALCs certainly makes them tricky. Also with a 128 limit, the inability to use a port range or list of subnets, the ALC only seems appropriate for denying all traffic between VLAN.

Thanks for the help.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels