Hi there,
Can anyone help me write an ACL on AOS to allow inter-VLAN (network) routing within the same VLAN (network) group only, while all VLANs (networks) must be able to access the voice VLAN (network)?
Example:
Group1
---------
VLAN ID 1011 - 10.1.1.0/24
VLAN ID 1012 - 10.1.2.0/24
VLAN ID 1071 - 10.7.1.0/24
Group2
--------
VLAN ID 1021 - 10.2.1.0/24
VLAN ID 1022 - 10.2.2.0/24
VLAN ID 1072 - 10.7.2.0/24
Group3
---------
VLAN ID 1031 - 10.3.1.0/24
VLAN ID 1032 - 10.3.2.0/24
VLAN ID 1073 - 10.7.3.0/24
VOICE VLAN ID 1099 - 10.99.0.0/16
tq/THC
AOS ACL Configuration to allow interVlan routing within the Group
Re: AOS ACL Configuration to allow interVlan routing within the Group
Hi,
One possibility is to deny the unwanted traffic.
policy network group G1 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 10.7.1.0 255.255.255.0
policy network group G2 10.2.1.0 255.255.255.0 10.2.2.0 255.255.255.0 10.7.2.0 255.255.255.0
policy network group G3 10.3.1.0 255.255.255.0 10.3.2.0 255.255.255.0 10.7.3.0 255.255.255.0
policy condition G1-G2 source network group G1 destination network group G2
policy condition G1-G3 source network group G1 destination network group G3
policy condition G3-G2 source network group G3 destination network group G2
...
policy action deny disposition deny
policy rule G1-G2 condition G1-G2 action deny
policy rule G1-G3 condition G1-G3 action deny
policy rule G3-G2 condition G3-G2 action deny
...
qos apply
Regards
Silvio
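Added example (not part of the post above and not vendor code): a Python check of the deny-between-groups design against the address plan from the question. It lists the ordered group pairs beyond the three written out before the "...", and confirms that same-group and voice traffic stay permitted. The host addresses are constructed, and it assumes traffic matching no deny condition is permitted.

```python
import ipaddress
from itertools import permutations

# Address plan from the question; group names G1-G3 follow the answer.
GROUPS = {
    "G1": ["10.1.1.0/24", "10.1.2.0/24", "10.7.1.0/24"],
    "G2": ["10.2.1.0/24", "10.2.2.0/24", "10.7.2.0/24"],
    "G3": ["10.3.1.0/24", "10.3.2.0/24", "10.7.3.0/24"],
}
VOICE = ipaddress.ip_network("10.99.0.0/16")
NETS = {g: [ipaddress.ip_network(n) for n in nets] for g, nets in GROUPS.items()}

# The three deny conditions written out in the answer before its "...".
POSTED = [("G1", "G2"), ("G1", "G3"), ("G3", "G2")]


def group_of(ip):
    """Name of the group whose subnets contain ip, or None (e.g. voice)."""
    addr = ipaddress.ip_address(ip)
    for name, nets in NETS.items():
        if any(addr in net for net in nets):
            return name
    return None


def all_deny_pairs():
    """Every ordered (source, destination) pair of distinct groups."""
    return list(permutations(NETS, 2))


def missing_pairs(deny_pairs):
    """Ordered pairs that the given deny list does not cover."""
    return [p for p in all_deny_pairs() if p not in deny_pairs]


def verdict(src, dst, deny_pairs):
    """Assumption: traffic matching no deny condition is permitted."""
    return "deny" if (group_of(src), group_of(dst)) in deny_pairs else "permit"


def voice_overlaps_groups():
    """True if the voice subnet overlaps a group subnet (it must not)."""
    return any(VOICE.overlaps(n) for nets in NETS.values() for n in nets)


if __name__ == "__main__":
    print("pairs still to write:", missing_pairs(POSTED))
    # Constructed host addresses inside the subnets from the question.
    for src, dst in [("10.1.1.10", "10.2.1.10"), ("10.1.1.10", "10.7.1.20"),
                     ("10.3.2.5", "10.99.4.4")]:
        print(src, "->", dst, verdict(src, dst, all_deny_pairs()))
```

Because each condition names a source and a destination group, full isolation of three groups needs six conditions and rules, one per direction.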
Re: AOS ACL Configuration to allow interVlan routing within the Group
Hi Silvio,
Thanks for your script. Let me try it out.
TQ
Re: AOS ACL Configuration to allow interVlan routing within the Group
Hi Silvio,
First, I tried to load the script onto an OS6850-24 switch, but it was unsuccessful due to some error. I would appreciate it if you could correct it and post it again.
Secondly, could you please let me know why I can't see the policy configuration when I execute "show configuration snapshot all"?
I appreciate your expert advice.
Thanks/THC