10-29-2005 12:00 AM - edited 03-03-2019 12:36 AM
Hi guys, can someone please have a look at this ACL? It's acting strange on my 3750. I have a port in VLAN 10 (192.168.100.x) and the rest in VLAN 1 (10.x.x.x). The 192.168.4.0 network is on another connected router without ACLs.
access-list 120 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255
access-list 120 permit ip any
int vlan 10
ip access-group 120 in
When I apply this, VLAN 10 traffic can't get to the 192.168.4.x network, but neither can traffic in VLAN 1. Is the config different on subinterfaces?
10-29-2005 12:17 AM
line 2:
access-list 120 permit ip any
should probably read:
access-list 120 permit ip any any
Regards,
Leo
10-29-2005 12:25 AM
Did that (I mistyped). Scratching my head why VLAN 1 traffic would be affected. Even if I put a blanket deny ip any any in, providing I only applied it to VLAN 10 in, it shouldn't affect VLAN 1 traffic. My question is: are VACLs tricky to implement? Or should this VACL work?
10-29-2005 01:28 AM
Hello,
You could try a VLAN ACL instead and see if that works any better:
vlan access-map BLOCK 10
action drop
match ip address 100
vlan access-map BLOCK 20
action forward
vlan filter BLOCK vlan-list 10
!
access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255
Regards,
GP
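Added example, not part of any post in this thread: a small Python model of first-match evaluation with Cisco wildcard masks, run over ACL 120 with the corrected `permit ip any any` line and over the BLOCK access-map from the last reply. The host addresses are constructed samples, and the model checks rule logic only; it does not model which interface or VLAN a list is attached to.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
VLAN10 = ("192.168.100.0", "0.0.0.255")
REMOTE = ("192.168.4.0", "0.0.0.255")

# (action, source, destination), in configured order
ACL_120 = [("deny", VLAN10, REMOTE), ("permit", ANY, ANY)]
ACL_100 = [("permit", VLAN10, REMOTE)]

def acl_eval(acl, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, s, d in acl:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action
    return "deny"

# Access-map BLOCK: (sequence, ACL in the match clause or None, action).
# An entry with no match clause matches every packet.
MAP_BLOCK = [(10, ACL_100, "drop"), (20, None, "forward")]

def vacl_eval(vmap, src, dst):
    """Lowest sequence whose match clause permits the packet decides."""
    for _seq, acl, action in sorted(vmap, key=lambda e: e[0]):
        if acl is None or acl_eval(acl, src, dst) == "permit":
            return action
    return "drop"  # no entry matched

# Constructed sample flows (host addresses are assumptions)
FLOWS = {
    "vlan10_to_remote": ("192.168.100.25", "192.168.4.10"),
    "vlan10_to_vlan1": ("192.168.100.25", "10.1.1.5"),
    "vlan1_to_remote": ("10.1.1.5", "192.168.4.10"),
    "remote_to_vlan10": ("192.168.4.10", "192.168.100.25"),
}

def check_flows():
    """Return {flow: (ACL 120 verdict, access-map BLOCK verdict)}."""
    return {n: (acl_eval(ACL_120, s, d), vacl_eval(MAP_BLOCK, s, d))
            for n, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for name, verdicts in check_flows().items():
        print(f"{name:18} acl120={verdicts[0]:6} vacl={verdicts[1]}")
```
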