Hello everyone,
I wonder if anyone have had a similar issue as the one I have been experiencing, I have create a Trunk port with dual link for redundancy and added as Po66 by example.
then created a sub interface with the IP 172.1.1.1/24 VLAN 66 zone: inside
But I m unable to ping the device attach to the inteface although is set as: 172.1.1.2/24 over VLAN 66
My enviroment topology links:
FRP - Spine Switch -> Leaf switch -> device (status: drop)
as reference I am connected as work station -> Leaf Switch -> Spine Switch -> Management servers -> VM -> Virtual FMC (status: OK)
I did tried packet tracer with a concerning result:
VLAN66(vrfid:0)
ACCESS-LIST (OK)
- Type:
ACCESS-LIST
Result:
ALLOW
Config:
Implicit Rule
Elapsed Time:
37532 ns
Additional Information
ROUTE-LOOKUP | No ECMP load balancing (OK)
- Type:
ROUTE-LOOKUP
Subtype:
No ECMP load balancing
Result:
ALLOW
Config:
Elapsed Time:
36679 ns
Additional Information
OBJECT_GROUP_SEARCH (OK)
- Type:
OBJECT_GROUP_SEARCH
Result:
ALLOW
Config:
Elapsed Time:
0 ns
Additional Information
ACCESS-LIST (DROP)
- Type:
ACCESS-LIST (DROP) - Result:
DROP
Config:
Implicit Rule
Elapsed Time:
853 ns
Additional Information
Result: drop
Input Interface:
VLAN66(vrfid:0)
Input Status:
up
Input Line Status:
up
Output Interface:
VLAN66(vrfid:0)
Output Status:
up
Output Line Status:
up
Action:
drop
Time Taken:
75064 ns
Drop Reason:
(acl-drop) Flow is denied by configured rule
Drop Detail:
Drop-location: frame 0x000000aaad4a9ef4 flow (NA)/NA
QUESTION: do I ahve to create an access allow policy to allow this link on the interface? any idea please
