2 Replies Latest reply on Apr 7, 2014 9:53 AM by levi

    Block outbound traffic

    tdh New Member

      Hello,

       

We have an NV4430 where gig 0/1 is connected to the Internet and gig 0/2 has many sub-interfaces (VLANs).  I would like to configure each VLAN to only allow specific traffic OUT while denying/discarding all other traffic.  For example, on one VLAN I may allow only HTTP and HTTPS traffic outbound, but on another VLAN we may allow HTTP, HTTPS, SSH and RDP.  What is the best way to configure this solution?  My initial thought was to create an ACL for each VLAN, placing the permits at the top and then deny ip any any at the end.  I read about using an access-group, but I've only used access-policy on interfaces to control traffic.

       

      Any guidance is greatly appreciated!

        • Re: Block outbound traffic
          dcorrea Visitor

          Hello tdh,

           

The way you're thinking of solving this is, I think, correct: you will need to create an ACL for each VLAN and apply it to the correct sub-interface of gig 0/2. The access-policy is also the right choice to put the ACLs to work.

           

However, if you set the allow statements at the beginning of the ACL you won't need the deny ip at the end (it is implicit).

           

          Hope this helps.

           

          Cheers!

          1 of 1 people found this helpful
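As an added illustration of the design dcorrea describes (not code from the thread or from ADTRAN), the script below models first-match ACL evaluation with the implicit deny, shows that an explicit `deny ip any any` at the end changes nothing, and renders a per-VLAN ACL plus policy-class plus sub-interface binding. The rendered AOS keywords (`ip access-list extended`, `ip policy-class ... allow list`, `interface gigabit-ethernet 0/2.<vlan>`, `access-policy`), the ACL and class names, and the numeric port form are assumptions to be checked against the NetVanta AOS command reference; the packets and VLAN lists are constructed sample input.

```python
"""First-match ACL evaluation and per-VLAN egress policy generation.

Models the design from the thread: one ACL per VLAN sub-interface, explicit
permits at the top, everything else dropped.  The rendered text uses
AOS-style keywords; treat that syntax as an assumption, not a verified config.
"""
from dataclasses import dataclass
from typing import Optional

# Destination ports for the services named in the thread (constructed table).
SERVICES = {"http": ("tcp", 80), "https": ("tcp", 443),
            "ssh": ("tcp", 22), "rdp": ("tcp", 3389)}


@dataclass(frozen=True)
class Entry:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp" or "ip" ("ip" matches any protocol)
    dst_port: Optional[int]  # None = any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def matches(entry: Entry, pkt: Packet) -> bool:
    """An entry matches when its protocol and (if set) its port match the packet."""
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    return entry.dst_port is None or entry.dst_port == pkt.dst_port


def evaluate(acl: list[Entry], pkt: Packet) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for entry in acl:
        if matches(entry, pkt):
            return entry.action
    return "deny"  # the implicit deny that ends every ACL


def build_acl(allowed: list[str], explicit_deny: bool = False) -> list[Entry]:
    """Permits for the allowed services first, optional explicit deny last."""
    acl = [Entry("permit", *SERVICES[name]) for name in allowed]
    if explicit_deny:
        acl.append(Entry("deny", "ip", None))
    return acl


def render_aos_config(vlan_id: int, allowed: list[str]) -> str:
    """Render one VLAN's ACL, policy-class and sub-interface binding.

    Assumed AOS syntax (not from the thread): a policy-class whose 'allow list'
    references the ACL, bound to gig 0/2.<vlan> with 'access-policy'.
    The stateful firewall must be enabled ('ip firewall') for it to take effect.
    """
    acl_name = f"VLAN{vlan_id}-EGRESS"          # hypothetical naming scheme
    lines = [f"ip access-list extended {acl_name}"]
    for name in allowed:
        proto, port = SERVICES[name]
        lines.append(f"  permit {proto} any any eq {port}")
    # No 'deny ip any any': the ACL and the policy-class both end in an implicit deny.
    lines += [
        f"ip policy-class VLAN{vlan_id}",
        f"  allow list {acl_name}",
        f"interface gigabit-ethernet 0/2.{vlan_id}",
        f"  vlan-id {vlan_id}",
        f"  access-policy VLAN{vlan_id}",
    ]
    return "\n".join(lines)


# Constructed per-VLAN allow-lists mirroring the two cases in the question.
VLAN_POLICY = {10: ["http", "https"], 20: ["http", "https", "ssh", "rdp"]}


def decisions(vlan_id: int, pkts: list[Packet]) -> list[str]:
    """Evaluate each packet against the VLAN's permit-only ACL."""
    return [evaluate(build_acl(VLAN_POLICY[vlan_id]), p) for p in pkts]


if __name__ == "__main__":
    for vid, allowed in VLAN_POLICY.items():
        print(render_aos_config(vid, allowed), end="\n\n")
    # udp/53 falls to the implicit deny on both VLANs: web-only hosts lose DNS
    # unless a resolver lives inside the VLAN or DNS is permitted explicitly.
    print(decisions(10, [Packet("tcp", 443), Packet("tcp", 22), Packet("udp", 53)]))
```

Two points the evaluator makes visible: with permits only, the implicit deny produces exactly the same verdict as an appended `deny ip any any` for every packet, and it silently drops anything not listed, including DNS (udp/53) on a web-only VLAN, so plan for a resolver or an extra permit. The reason access-policy is the better fit than a bare access-group is that AOS policy classes run through the stateful firewall (`ip firewall` enabled), so the return half of a permitted outbound session is admitted without a separate inbound rule; a stateless access-group would need one.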
          • Re: Block outbound traffic
            levi Employee

            tdh:

             

            I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

            Thanks,

             

            Levi