Router on a Stick

zoro_2009

Hi,

I have a classique router on a stick configuration, and I want to implement some of the intervlan ACLs on the switch to take the load off the router.

I've configured an ACL on the SVI to prevent communication between the hosts on both vlans, but this doesn't seem to work !

The setup is: each host receiving an IP from the router (DHCP), and the subinterface is its gateway, The switch is L3, and there 2 SVIs !

Am I missing something here ?

Thanks

Sans titre.jpg

Find more posts tagged with

Comments

bharvey92

Post the configurations up so we can have a look, just a punt - but could it be that you have not assigned the ACL to the correct interface?

shortstop20

If the router is hosting the default gateway, you are not going to be able to apply ACLs on the SVIs of the switch to block traffic between VLANs. Those ACLs would need to be applied on the router subinterfaces.

james43026

shortstop20 wrote: »

If the router is hosting the default gateway, you are not going to be able to apply ACLs on the SVIs of the switch to block traffic between VLANs. Those ACLs would need to be applied on the router subinterfaces.

If you simply configured ACLs and applied them to a layer 3 interface / SVI on a switch, then it's not going to have an affect on traffic that isn't passing over the layer 3 SVIs. Which in your setup traffic has no need to interact with a layer 3 SVI directly on your switch since they are using your router as a default gateway. What you need are VACLs, which is simply a route map / access map as it would be called at a layer 2 level, that can reference an ACL to filter traffic at the VLAN level. This article may help you.