#ACL's Control traffic between vlan's
policy network group All 10.10.1.0 mask 255.255.255.0 10.10.50.0 mask 255.255.255.0 10.10.51.0 mask 255.255.255.0 10.10.52.0 mask 255.255.255.0 10.10.100.0 mask 255.255.255.0
policy network group Vlan1 10.10.1.0 mask 255.255.255.0
policy network group Vlan100 10.10.100.0 mask 255.255.255.0
policy network group Vlan500 10.10.50.0 mask 255.255.255.0
policy network group Vlan501 10.10.51.0 mask 255.255.255.0
policy network group Vlan502 10.10.52.0 mask 255.255.255.0
#Condition block all traffic
policy condition DenyAll destination network group All
#Condition Traffic to other network
policy condition Vlan500-501 source network group Vlan500 destination network group Vlan501
policy condition Vlan501-500 source network group Vlan501 destination network group Vlan500
#Condition Access to local network (for routing and local access)
policy condition Vlan100 source network group Vlan100 destination network group Vlan100
policy condition Vlan500 source network group Vlan500 destination network group Vlan500
policy condition Vlan501 source network group Vlan501 destination network group Vlan501
policy action Allow
policy action Deny disposition drop
policy rule Rule1 precedence 100 condition Vlan100 action Allow
policy rule Rule4 precedence 100 condition Vlan500-501 action Allow
policy rule Rule5 precedence 100 condition Vlan501-500 action Allow
policy rule Rule2 precedence 50 condition Vlan500 action Allow
policy rule Rule3 precedence 50 condition Vlan501 action Allow
policy rule Rule0 condition DenyAll action Deny
qos apply