
Access list problem

cro9uk
Level 1

Hi guys, can someone please have a look at this ACL? It's acting strange on my 3750. I have a port in VLAN 10 (192.168.100.x) and the rest in VLAN 1 (10.x.x.x). The 192.168.4.0 network is on another connected router without ACLs.

access-list 120 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 120 permit ip any

int vlan 10

ip access-group 120 in

When I apply this, VLAN 10 traffic can't get to the 192.168.4.x network, but neither can traffic in VLAN 1. Is the config different on subinterfaces?

3 Replies

lgijssel
Level 9

line 2:

access-list 120 permit ip any

should probably read:

access-list 120 permit ip any any

Regards,

Leo

Did that (I mistyped). Scratching my head why VLAN 1 traffic would be affected. Even if I put a blanket deny ip any any in, providing I only applied it to VLAN 10 in, it shouldn't affect VLAN 1 traffic. My question is: are VACLs tricky to implement? Or should this VACL work?

Hello,

You could try a VLAN ACL instead and see if that works any better:

vlan access-map BLOCK 10

action drop

match ip address 100

vlan access-map BLOCK 20

action forward

vlan filter BLOCK vlan-list 10

!

access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255

Regards,

GP
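
To check what ACL 120 from the question actually matches, here is an added example (not code from any poster in this thread): a small Python evaluator for `access-list N permit|deny ip SRC DST` entries that applies wildcard masks, first-match ordering and the implicit deny. The function names and the sample host addresses are assumptions made for illustration; only the `ip` form with `any`, `host A` or `A WILDCARD` addresses is handled.

```python
import ipaddress

# Constructed from the thread: ACL 120 with the "any any" correction applied.
ACL_120 = [
    "access-list 120 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255",
    "access-list 120 permit ip any any",
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (to_int(tokens[1]), 0), tokens[2:]
    return (to_int(tokens[0]), to_int(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' (only the 'ip' form used in the thread)."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError(f"unsupported entry: {line!r}")
    try:
        src, rest = parse_addr(tok[4:])
        dst, rest = parse_addr(rest)
    except (IndexError, ValueError):
        # e.g. "permit ip any" with no destination, the typo raised in the thread
        raise ValueError(f"missing or malformed address in: {line!r}") from None
    if rest:
        raise ValueError(f"unsupported trailing options in: {line!r}")
    return tok[2], src, dst

def matches(addr, spec):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base address."""
    base, wildcard = spec
    return (to_int(addr) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(acl_lines, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl_lines:
        action, s, d = parse_ace(line)
        if matches(src, s) and matches(dst, d):
            return action
    return "deny"

if __name__ == "__main__":
    for src, dst in [("192.168.100.25", "192.168.4.10"), ("10.1.1.1", "192.168.4.10")]:
        print(src, "->", dst, evaluate(ACL_120, src, dst))
```

The result is only the ACL's own verdict for a packet it is asked to evaluate; which interface and direction the switch applies the list to is outside what the code models.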