Folks,
I’m hoping someone can shed some light on this. Not a fault as such, but some weird and unexpected behaviour.
Scenario:
Applying a port ACL to block inbound traffic from 2 devices (10.9.9.9 and 10.9.9.10) to another 3 devices (10.9.9.15, 10.9.9.16 and 10.9.9.17).
ACL as follows (not actual IP addresses):
ip access-list extended ICMBLOCK
deny ip 10.9.9.9 0.0.0.1 10.9.9.15 0.0.0.2 log
permit ip any any log
This was then applied inbound to the 2 switchports which connect 10.9.9.9 and 10.9.9.10
Int)# ip access-group ICMBLOCK in
Weird Behaviour:
1) Traffic to 10.9.9.15 and 10.9.9.17 was blocked. But traffic to 10.9.9.16 was permitted through. Shouldn’t the reverse mask on 10.9.9.15 0.0.0.2 cover all 3 destination IPs?
2) Once the trial was finished, I removed the access-group from both switchports. However, log messages indicating permits and denies still appeared. I swear the ACL was not applied to any other interfaces.
Eventually I had to delete the ACL itself to stop this behaviour.
Does anyone know why this behaviour occurred? Any help gratefully received.
Regards,
Martin.
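The first question comes down to how a wildcard (reverse) mask is evaluated: a 1 bit in the mask means "don't care", a 0 bit means "must equal the base address", so a mask selects a set of addresses that share fixed bit positions, not a numeric range. The following is an added worked example (not code from the post above, and not Cisco's own matching logic, only the standard bitwise definition of a wildcard mask) that enumerates exactly which hosts an ACE's address/mask pair covers and then computes the fewest aligned wildcard entries needed to cover a given list of hosts. The addresses are the placeholder ones from the post.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _ip_int(addr: str) -> int:
    """Convert dotted-quad text to a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_matches(addr: str, base: str, wildcard: str) -> bool:
    """Cisco-style wildcard test: every bit where the wildcard is 0 must
    match the base address; bits where the wildcard is 1 are ignored."""
    a, b, w = _ip_int(addr), _ip_int(base), _ip_int(wildcard)
    return ((a ^ b) & ~w & MASK32) == 0


def covered_hosts(base: str, wildcard: str) -> list[str]:
    """Enumerate every address a base/wildcard pair matches.
    Intended for small wildcards (a few 'don't care' bits)."""
    b, w = _ip_int(base), _ip_int(wildcard)
    wild_bits = [i for i in range(32) if (w >> i) & 1]
    fixed = b & ~w & MASK32  # base with all 'don't care' bits cleared
    hosts = []
    for combo in range(1 << len(wild_bits)):
        v = fixed
        for j, bit in enumerate(wild_bits):
            if (combo >> j) & 1:
                v |= 1 << bit
        hosts.append(v)
    return [str(ipaddress.IPv4Address(v)) for v in sorted(hosts)]


def minimal_wildcard_entries(addrs: list[str]) -> list[tuple[str, str]]:
    """Collapse a list of hosts into the fewest aligned (base, wildcard)
    pairs that match exactly those hosts and nothing else.
    Uses the standard library's prefix aggregation; a wildcard is just
    the host mask of the aggregated prefix."""
    nets = ipaddress.collapse_addresses(ipaddress.IPv4Network(a) for a in addrs)
    return [(str(n.network_address), str(n.hostmask)) for n in nets]


def render_deny_aces(src_hosts: list[str], dst_hosts: list[str]) -> list[str]:
    """Build 'deny ip <src> <wc> <dst> <wc> log' lines, one per
    source-entry/destination-entry combination, so that only the
    intended hosts are denied."""
    lines = []
    for s_base, s_wc in minimal_wildcard_entries(src_hosts):
        for d_base, d_wc in minimal_wildcard_entries(dst_hosts):
            lines.append(f"deny ip {s_base} {s_wc} {d_base} {d_wc} log")
    return lines


if __name__ == "__main__":
    # The ACE as posted: what does each address/mask pair actually cover?
    print("source  10.9.9.9  0.0.0.1 covers:", covered_hosts("10.9.9.9", "0.0.0.1"))
    print("dest    10.9.9.15 0.0.0.2 covers:", covered_hosts("10.9.9.15", "0.0.0.2"))
    for dst in ("10.9.9.15", "10.9.9.16", "10.9.9.17"):
        print(dst, "denied?", wildcard_matches(dst, "10.9.9.15", "0.0.0.2"))
    # ACE lines that deny exactly the intended 2 sources -> 3 destinations
    for line in render_deny_aces(["10.9.9.9", "10.9.9.10"],
                                 ["10.9.9.15", "10.9.9.16", "10.9.9.17"]):
        print(line)
```

Running this shows that 10.9.9.15 0.0.0.2 matches 10.9.9.13 and 10.9.9.15 (bit value 2 is the only "don't care" bit), so 10.9.9.16 is not covered; likewise 10.9.9.9 0.0.0.1 matches 10.9.9.8 and 10.9.9.9, not 10.9.9.10. Because neither the source pair nor the destination trio is aligned on a power-of-two boundary, a single ACE cannot express the intended policy; `render_deny_aces` emits the small set of deny lines that does, which is worth running before applying any ACL whose wildcard is not a plain 0.0.0.0 or a full subnet host mask.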