LuisCamara
IS-IT--Management
Hello all,
I have a configuration of two 8600s with an IST interconnection and
several internal VLANs. All VLANs have IPs and VRRP is enabled, and by
default all those internal VLANs can route to each other. How is it possible
to limit that, so that only some specific VLANs can talk to some other
VLANs, and only those?
For example:
VLAN 5: 192.168.0.0/24 --> VRRP Gateway: 192.168.0.1
VLAN 6: 10.50.0.0/24 --> VRRP Gateway: 10.50.0.1
I have one notebook at 192.168.0.10 and another notebook at 10.50.0.10.
I wish to block the communication between these two VLANs.
I made this configuration:
filter acl 1 create inVlan act 4092
filter acl 1 vlan add 5-6
filter acl 1 ace 1 action deny stop-on-match true
filter acl 1 ace 1 ip src-ip eq 192.168.0.0-192.168.0.255
filter acl 1 ace 1 ip dst-ip eq 10.50.0.0-10.50.0.255
filter acl 1 ace 1 enable
filter acl 1 ace 2 action deny stop-on-match true
filter acl 1 ace 2 ip src-ip eq 10.50.0.0-10.50.0.255
filter acl 1 ace 2 ip dst-ip eq 192.168.0.0-192.168.0.255
filter acl 1 ace 2 enable
But when I try to test the communication, the notebooks can still "ping" each other between VLAN 5 and VLAN 6.
Can you help me?
Thank you very much for all.
Luis