SrikantRajeev
asked on
Network Router- Access control List
I have a network device (Cisco Router) where I have configured a Data VLAN (say VLAN 10) for my users to connect their PCs.
I have applied an ACL to the VLAN allowing access only to a particular IP. The ACL prevents access to any other network.
There are also other Data VLANs, say VLAN 20 & VLAN 30:
VLAN 10 - 10.10.10.0/24 (Users in this VLAN can access only IP 192.168.100.10)
VLAN 20 - 20.20.20.0/24
VLAN 30 - 30.30.30.0/24
Inter-VLAN communication is enabled by default.
My question is, in this scenario, if a PC in VLAN 10 is connected to the network and it has some infection or virus, can this spread to the machines in VLAN 20 & 30 even though the network ACL allows communication only to the IP 192.168.100.10?
Can a simple router ACL, which works on IP & port numbers, stop the spreading of viruses in the network?
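The following Cisco IOS configuration is an added example that models the scenario described in the question; it is not configuration from the asker or from any answer on this page. The interface names, the ACL name VLAN10-RESTRICT, the SVI addresses and the use of the VLAN 20/30 subnets exactly as given in the question are assumptions for illustration.

```cisco
! Added example (not from the original question): a Cisco IOS configuration
! that models the scenario above. Interface names, the ACL name and the
! SVI addresses are assumptions for illustration.
!
! Extended ACL: hosts in VLAN 10 may reach only 192.168.100.10.
! Everything else is dropped. The explicit "deny ip any any" at the end is
! redundant with the implicit deny, but it gives "show access-lists" a
! visible hit counter for blocked traffic, which makes testing easier.
ip access-list extended VLAN10-RESTRICT
 permit ip 10.10.10.0 0.0.0.255 host 192.168.100.10
 deny   ip any any
!
! Apply the ACL inbound on the VLAN 10 SVI, i.e. to traffic entering the
! router from VLAN 10 hosts. The ACL is evaluated before the packet is
! routed, so the router never forwards VLAN 10 packets toward VLAN 20 or
! VLAN 30, regardless of inter-VLAN routing being enabled by default.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip access-group VLAN10-RESTRICT in
!
! VLAN 20 and VLAN 30 carry no ACL in this example. Their hosts can still
! send packets toward VLAN 10, but any reply from a VLAN 10 host enters
! Vlan10 inbound, is matched against VLAN10-RESTRICT and is denied, so no
! two-way session between VLAN 10 and VLAN 20/30 can be established.
interface Vlan20
 ip address 20.20.20.1 255.255.255.0
interface Vlan30
 ip address 30.30.30.1 255.255.255.0
!
! Verification from privileged EXEC, matching the advice to test reachability:
!   show ip interface Vlan10            ! expect "Inbound access list is VLAN10-RESTRICT"
!   show access-lists VLAN10-RESTRICT   ! per-line match counters
! From a PC in VLAN 10:
!   ping 192.168.100.10                 ! should succeed (permit counter increments)
!   ping 20.20.20.1 / ping 30.30.30.1   ! should fail   (deny counter increments)
```

Two caveats a practitioner would check. First, the ACL only filters what the router sees: VLANs are separate broadcast domains, so traffic between VLAN 10 and VLAN 20/30 has no path except through the router, and with the ACL applied inbound on Vlan10 that path is closed in both directions for anything except the single permitted host. Second, an ACL matches on addresses and ports, not on content, so 192.168.100.10 remains the one host a VLAN 10 machine can talk to; that host should be hardened and monitored accordingly, since the ACL does nothing to inspect the traffic it permits.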
Can a simple router ACL which works on IP & port numbers stop the spreading of viruses in the network?
Simple answer is yes. If the ACL is preventing traffic from the infected PC to another network, then the PCs on the other network are safe from that particular PC.
ASKER
Thanks
Presumably the VLAN 20 and 30 IPs are merely for illustration.
You should test whether a system with an IP on VLAN 20 or 30 cannot be reached from VLAN 10.
Your applied ACL on VLAN 10 possibly overrides the inter-VLAN default access rule.