ACLs for segmentation

Conversationalist

ACLs for segmentation

Anybody have any good resources or examples of ACLs used for segmentation? I've created VLANs on my MS250, but now need to deny and allow traffic between certain VLANs. I've come across the documentation links, "Switch ACL Operation" and "Configuring ACLs", but am still looking for more examples.

Head in the Cloud

Re: ACLs for segmentation

Hi @BenSimanek 


MS Best Practice, there's some information within:


https://documentation.meraki.com/Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/...

Darren O'Connor | uccert.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.
Kind of a big deal

Re: ACLs for segmentation

Also note that MS L3 ACLs are stateless. This can start making things tricky if you use them on multiple VLANs and want to do anything other than a layer 3 ACL.

Conversationalist

Re: ACLs for segmentation

Thanks for the replies.

The Best Practices showed me how to combine the ACLs. However, the final rule leaves out TCP traffic that was being denied above.

The stateless nature of the ACLs certainly makes them tricky. Also, with a 128-rule limit and the inability to use a port range or a list of subnets, the ACL only seems appropriate for denying all traffic between VLANs.

Thanks for the help.
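The two points raised in this thread, that the ACLs are stateless and that each rule takes a single port rather than a range, are easier to see in a small simulation. The following is an added example, not code from the thread or from Meraki: it models first-match, stateless L3 ACL evaluation in Python over constructed subnets (VLAN 10 users, VLAN 20 servers) and shows that a single "deny servers to users" rule also drops the return half of a session a user opened, so each permitted service needs its own explicit allow above the deny. The implicit allow at the end of the list is an assumption of the model and is parameterised.

```python
"""Stateless, first-match L3 ACL simulation (added example, not Meraki code).

Models the behaviour discussed in the thread: no connection table, one
port per rule, first matching rule decides. Subnets and rules are constructed.
"""
from dataclasses import dataclass
import ipaddress
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "any", "tcp", "udp" or "icmp"
    src: str               # source CIDR
    sport: Optional[int]   # single source port, or None for any (no ranges, as described)
    dst: str               # destination CIDR
    dport: Optional[int]   # single destination port, or None for any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the rule matches the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet, default: str = "allow") -> str:
    """First match wins. Each packet is judged on its own: there is no state,
    so a reply is not recognised as belonging to an allowed session.
    The trailing default is an assumption of this model."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed addressing: VLAN 10 = users, VLAN 20 = servers.
USERS = "10.0.10.0/24"
SERVERS = "10.0.20.0/24"

# Intent: users may reach servers, servers may not initiate anything to users.
NAIVE = [
    Rule("deny", "any", SERVERS, None, USERS, None),
]

# Because there are no port ranges, every permitted service needs its own
# allow for the return direction, and all of them must sit above the deny.
SERVICES = [443, 22, 3389]
FIXED = [Rule("allow", "tcp", SERVERS, port, USERS, None) for port in SERVICES] + NAIVE


def session_verdicts(rules: List[Rule], service: int) -> Tuple[str, str]:
    """Verdicts for the forward and return packets of a user-initiated TCP session."""
    fwd = Packet("tcp", "10.0.10.7", 51000, "10.0.20.5", service)
    ret = Packet("tcp", "10.0.20.5", service, "10.0.10.7", 51000)
    return evaluate(rules, fwd), evaluate(rules, ret)


if __name__ == "__main__":
    print("naive rule set, HTTPS session:", session_verdicts(NAIVE, 443))
    print("fixed rule set, HTTPS session:", session_verdicts(FIXED, 443))
```

The naive set returns `("allow", "deny")` for an HTTPS session: the SYN reaches the server, the SYN/ACK is dropped. The fixed set returns `("allow", "allow")`, but only because a rule was spent per service, which is why the 128-rule budget is consumed quickly once several VLAN pairs are involved. The caveat of any stateless, source-port-based allow also shows up in the model: a packet from a server with source port 443 to a user on port 22 passes the fixed set, so these rules restrict intent, not connection direction.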
