SrikantRajeev
Network Router- Access control List

I have a network device (a Cisco router) where I have configured a data VLAN (say VLAN 10) for my users to connect their PCs.
I have applied an ACL to the VLAN allowing access only to a particular IP. The ACL prevents access to any other network.

There are also other data VLANs, say VLAN 20 and VLAN 30:

VLAN 10 - 10.10.10.0/24 (Users in this VLAN can access only IP 192.168.100.10)
VLAN 20 - 20.20.20.0/24
VLAN 30 - 30.30.30.0/24

Inter VLAN communication is enabled by default.

My question is: in this scenario, if a PC in VLAN 10 is connected to the network and it has some infection or virus, can this spread to the machines in VLAN 20 and 30, even though the network ACL only allows communication to the IP 192.168.100.10?

Can a simple router ACL, which works on IP and port number, stop the spreading of viruses in the network?
arnold

A computer on the IP 10.10.10.x/24 can infect its local VLAN users and any resource to which it has access on the 192.168.100.10 IP.

Presumably the VLAN 20 and 30 IPs are merely for illustration.
You should test whether a system with an IP on VLAN 20 or 30 cannot be reached from VLAN 10.
Your applied ACL on VLAN 10 possibly overrides the inter-VLAN default access rule.

"Can a simple router ACL, which works on IP and port number, stop the spreading of viruses in the network?"
Simple answer is yes. If the ACL is preventing traffic from the infected PC to another network, then the PCs on the other network are safe from that particular PC.
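As an added illustration (not part of this thread, and not Cisco code), the following Python model reproduces the reachability that arnold describes for the three VLANs in the question: traffic from VLAN 10 is routed and meets the ACL on the VLAN 10 SVI, same-subnet traffic inside VLAN 10 is switched at layer 2 and never sees that ACL, and VLAN 20 and 30 have no ACL and so route freely. The IOS lines in the comments are an assumed equivalent of the ACL the asker describes, and the host addresses in the flows are constructed examples.

```python
import ipaddress
from dataclasses import dataclass

# Assumed IOS equivalent of the ACL in the question (not configuration from the page):
#   ip access-list extended VLAN10-IN
#    permit ip 10.10.10.0 0.0.0.255 host 192.168.100.10
#   interface Vlan10
#    ip access-group VLAN10-IN in
# Every IOS ACL ends with an implicit "deny ip any any".


@dataclass(frozen=True)
class Ace:
    """One access-control entry: action plus source/destination match."""
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


VLAN10 = ipaddress.ip_network("10.10.10.0/24")
VLAN20 = ipaddress.ip_network("20.20.20.0/24")
VLAN30 = ipaddress.ip_network("30.30.30.0/24")
SERVER = ipaddress.ip_network("192.168.100.10/32")

# Inbound ACL per SVI. Only VLAN 10 carries one; VLAN 20 and 30 have none,
# so inter-VLAN routing between them stays at its default (allowed).
INBOUND_ACL = {
    VLAN10: [Ace("permit", VLAN10, SERVER)],  # implicit deny follows
}


def evaluate(acl, src, dst):
    """First-match ACL evaluation, ending in the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if s in ace.src and d in ace.dst:
            return ace.action
    return "deny"


def ingress_vlan(src):
    """Which VLAN subnet the source host lives in (constructed topology)."""
    s = ipaddress.ip_address(src)
    for vlan in (VLAN10, VLAN20, VLAN30):
        if s in vlan:
            return vlan
    raise ValueError(f"{src} is not in a known VLAN")


def reachable(src, dst):
    """Does a packet from src reach dst through this router?"""
    vlan = ingress_vlan(src)
    if ipaddress.ip_address(dst) in vlan:
        # Same subnet: switched at layer 2, never routed, ACL never consulted.
        return True
    acl = INBOUND_ACL.get(vlan)
    if acl is None:
        return True  # no ACL on the ingress SVI: default inter-VLAN routing applies
    return evaluate(acl, src, dst) == "permit"


def reachability_report():
    """Constructed sample flows covering each case in the question."""
    flows = [
        ("vlan10->server", "10.10.10.5", "192.168.100.10"),
        ("vlan10->vlan20", "10.10.10.5", "20.20.20.5"),
        ("vlan10->vlan30", "10.10.10.5", "30.30.30.5"),
        ("vlan10->vlan10", "10.10.10.5", "10.10.10.6"),
        ("vlan20->vlan30", "20.20.20.5", "30.30.30.5"),
    ]
    return {name: reachable(s, d) for name, s, d in flows}


if __name__ == "__main__":
    for name, ok in reachability_report().items():
        print(f"{name:16} {'reachable' if ok else 'blocked'}")
```

The model shows what the ACL does and does not cover: VLAN 20 and 30 are unreachable from VLAN 10, but other hosts in VLAN 10 and the permitted server 192.168.100.10 remain reachable, and the ACL matches only on addresses (and, in an extended ACL, protocol and port), not on what the permitted packets carry. Running the same five checks with ping or a port scanner from a VLAN 10 host is the practical test arnold recommends.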
ASKER CERTIFIED SOLUTION
eeRoot
SrikantRajeev (ASKER)

Thanks