10-29-2005 12:00 AM - edited 03-03-2019 12:36 AM
Hi guys, can someone please have a look at this ACL? It's acting strange on my 3750. I have a port in vlan 10 (192.168.100.x) and the rest in vlan 1 (10.x.x.x). The 192.168.4.0 network is on another connected router without ACLs.
access-list 120 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 120 permit ip any
int vlan 10
ip access-group 120 in
When I apply this, vlan 10 traffic can't get to the 192.168.4.x network, but neither can traffic in vlan 1. Is the config different on subinterfaces?
10-29-2005 12:17 AM
line 2:
access-list 120 permit ip any
should probably read:
access-list 120 permit ip any any
Regards,
Leo
10-29-2005 12:25 AM
Did that (I mistyped). Scratching my head why vlan 1 traffic would be affected. Even if I put a blanket deny ip any any in, providing I only applied it to vlan 10 in, it shouldn't affect vlan 1 traffic. My question is: are VACLs tricky to implement? Or should this VACL work?
10-29-2005 01:28 AM
Hello,
You could try a VLAN ACL instead and see if that works any better:
vlan access-map BLOCK 10
action drop
match ip address 100
vlan access-map BLOCK 20
action forward
vlan filter BLOCK vlan-list 10
!
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255
Regards,
GP
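
Added example, not part of any post in this thread: a small Python model of how the entries of ACL 120 (with the corrected `permit ip any any`) and the `BLOCK` VLAN map with ACL 100 are evaluated against three constructed flows. It models first-match rule evaluation only, not the 3750's forwarding path; the host addresses and function names are assumptions made for the example.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# ACL 120 from the first post, with the corrected "permit ip any any"
ACL_120 = [
    ("deny",   ("192.168.100.0", "0.0.0.255"), ("192.168.4.0", "0.0.0.255")),
    ("permit", ANY, ANY),
]
# ACL 100 from the VACL reply: "permit" only selects traffic for the map entry
ACL_100 = [
    ("permit", ("192.168.100.0", "0.0.0.255"), ("192.168.4.0", "0.0.0.255")),
]
# vlan access-map BLOCK: (sequence, action, ACL or None when no match clause)
VACL_BLOCK = [(10, "drop", ACL_100), (20, "forward", None)]

def acl_verdict(acl, src, dst):
    """First matching entry wins; no match falls to the implicit deny."""
    for action, (sb, sw), (db, dw) in acl:
        if wc_match(src, sb, sw) and wc_match(dst, db, dw):
            return action
    return "deny"

def vacl_verdict(vmap, src, dst):
    """Entries run in sequence order; one without a match clause matches all."""
    for _seq, action, acl in sorted(vmap, key=lambda e: e[0]):
        if acl is None or acl_verdict(acl, src, dst) == "permit":
            return action
    return "drop"  # nothing matched

def compare(flows):
    """Return (src, dst, ACL 120 verdict, VLAN map verdict) per flow."""
    return [(s, d, acl_verdict(ACL_120, s, d), vacl_verdict(VACL_BLOCK, s, d))
            for s, d in flows]

if __name__ == "__main__":
    # Constructed sample flows: vlan 10 host to 192.168.4.x, vlan 10 host
    # to a 10.x address, and a vlan 1 (10.x) host to 192.168.4.x
    flows = [("192.168.100.25", "192.168.4.10"),
             ("192.168.100.25", "10.1.1.1"),
             ("10.1.1.1", "192.168.4.10")]
    for row in compare(flows):
        print(row)
```

Neither rule set contains an entry that matches a 10.x source address, so the entries themselves do not select the vlan 1 flow for denial.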