Configuring an Internal Deny ACL
Let’s configure an ACL named deny-hr that denies traffic from the Engineering server to the HR server:
CLI network-admin@switch > acl-ip-create name deny-hr action deny scope local src-ip 192.168.10.2 src-ip-mask 24 dst-ip 192.168.200.3 dst-ip-netmask 24 proto ip src-port 55 dst-port 33 vlan 1505
To review the configuration, use the acl-ip-show command:
CLI network-admin@switch > acl-ip-show name deny-hr layout vertical
name:                  deny-hr
id:                    b00011:20
action:                deny
proto:                 ip
src-ip:                192.168.10.2/24
src-port:              55
dst-ip:                192.168.200.3/24
dst-port:              33
vlan:                  1505
scope:                 local
port:                  0
 
Now, when you attempt to access the Finance server from the Engineering server, the network drops the packets.
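To check what the rule actually covers before relying on it, the following added example (not part of the original documentation or the vendor's tooling) parses the acl-ip-show vertical output above and reports address fields where a host IP is paired with a mask that spans a whole subnet. The function names are hypothetical, and rule_covers assumes that the mask is a prefix length and that every configured field must match.

```python
import ipaddress

# Constructed sample: the acl-ip-show output for deny-hr as printed on this page.
SAMPLE = """\
name:                  deny-hr
id:                    b00011:20
action:                deny
proto:                 ip
src-ip:                192.168.10.2/24
src-port:              55
dst-ip:                192.168.200.3/24
dst-port:              33
vlan:                  1505
scope:                 local
port:                  0
"""

def parse_vertical(text):
    """Parse the 'key: value' lines of one vertical-layout record."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only; ids contain ':'
        if sep and key.strip():
            record[key.strip()] = value.strip()
    return record

def broad_host_masks(record):
    """Flag address fields where a host IP is paired with a mask wider than the host."""
    findings = {}
    for field in ("src-ip", "dst-ip"):
        iface = ipaddress.ip_interface(record[field])
        if iface.ip != iface.network.network_address:
            findings[field] = iface.network
    return findings

def rule_covers(record, src, dst, sport, dport, vlan):
    """Assumed semantics: every configured field must match (logical AND)."""
    return (
        ipaddress.ip_address(src) in ipaddress.ip_interface(record["src-ip"]).network
        and ipaddress.ip_address(dst) in ipaddress.ip_interface(record["dst-ip"]).network
        and sport == int(record["src-port"])
        and dport == int(record["dst-port"])
        and vlan == int(record["vlan"])
    )

if __name__ == "__main__":
    acl = parse_vertical(SAMPLE)
    for field, net in broad_host_masks(acl).items():
        print(f"{acl['name']}: {field} {acl[field]} covers all of {net}")
    print(rule_covers(acl, "192.168.10.77", "192.168.200.9", 55, 33, 1505))
    print(rule_covers(acl, "192.168.10.2", "192.168.200.3", 40000, 443, 1505))
```

Under those assumptions, the rule as displayed applies to any host pair in the two /24 subnets, but only for source port 55, destination port 33 and VLAN 1505.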