ACL's on a CAT5509 RSM Module

I'm sure this is easy and I'm just being stupid. Basically I'm trying to figure out how to set up an ACL on the RSM (I've got 5 VLANs). I've got one VLAN I want to allow all traffic out and deny access from any other VLAN. Seems like it'd be a simple:

access-list 101 permit ip 192.168.27.0 0.0.0.255 any
access-list 101 deny ip any 192.168.27.0 0.0.0.255 log

config-int (for the .27 vlan): ip access-group 101 in (or out?)

Or would I need to: deny any 192.168.27.0 and then add the access-group to every other vlan but the one I want to protect?

Thanks for any help or guidance

 
If 192.168.27.0 is on VLAN 27, then it should be out, because you are listing 192.168.27.0 as the source IP address. This way you will permit incoming traffic to the port only and only if it has source address 192.168.27.0. The second command is not needed, because by default a Cisco IOS ACL has a default deny any rule at the end of every ACL you create - it is just not shown in the config.

Peter Mesjar
CCNA, A+ certified
pmesjar@centrum.sk
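
How ACL 101 from the question evaluates on the VLAN 27 interface in each direction, as an added example that is not part of the original thread. It is a simplified Python model of first-match evaluation with wildcard masks and the implicit deny; the 192.168.30.5 host and the function names are constructed for illustration.

```python
import ipaddress

# ACL 101 as posted: (action, src, src_wildcard, dst, dst_wildcard); "log" omitted.
ACL_101 = [
    ("permit", "192.168.27.0", "0.0.0.255", "any", None),
    ("deny", "any", None, "192.168.27.0", "0.0.0.255"),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny (implicit)"

def svi_verdict(acl, direction, src, dst, vlan_net="192.168.27.0/24"):
    """Verdict for a routed packet when the ACL is bound to the VLAN 27 interface.
    'in' sees packets arriving from VLAN 27 hosts; 'out' sees packets routed
    toward VLAN 27. Anything else never passes this binding."""
    net = ipaddress.ip_network(vlan_net)
    src_in = ipaddress.ip_address(src) in net
    dst_in = ipaddress.ip_address(dst) in net
    seen = (direction == "in" and src_in and not dst_in) or \
           (direction == "out" and dst_in and not src_in)
    return evaluate(acl, src, dst) if seen else "not filtered"

if __name__ == "__main__":
    inside, other = "192.168.27.10", "192.168.30.5"  # constructed sample hosts
    for direction in ("in", "out"):
        for src, dst in ((inside, other), (other, inside)):
            print(f"access-group 101 {direction}: {src} -> {dst}: "
                  f"{svi_verdict(ACL_101, direction, src, dst)}")
    # The ACL is stateless: a reply from the other VLAN back to VLAN 27 is
    # evaluated exactly like a new connection coming from that VLAN.
```

In this model the explicit deny line changes only what gets logged: with the permit line alone, the same packet toward VLAN 27 falls through to the implicit deny.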