05-23-2003 02:06 PM - edited 03-02-2019 07:36 AM
What does an access-list do when applied to a VLAN interface? Does it filter all traffic to or from any interface that belongs to that VLAN?
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
!
interface VLAN10
ip access-group 101 out
05-24-2003 05:36 PM
It filters *routed* traffic to or from an interface in the VLAN; e.g., traffic to or from other VLANs.
05-25-2003 05:56 PM
This access is applied outbound. So, it is going to be affecting traffic going to hosts in VLAN 10. But hosts in VLAN 10 have nothing applied to them coming in. Remember, your reference point of in and out is "if you were sitting inside the router".
05-26-2003 10:53 AM
Can you explain "if you were sitting inside the router"? From which side must I imagine VLAN 10?
05-27-2003 03:35 PM
You just have to think of it as any other interface. It sounds intuitive but it really confused me at first -- I couldn't figure out for the life of me why my access lists weren't working.
Packets from VLAN 10 are going *in* the VLAN 10 interface; packets to VLAN 10 are going *out* the VLAN 10 interface.
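Added example, not part of any post in this thread: a simplified Python model of the behaviour described above, with access-list 101 bound outbound on the VLAN 10 interface. The subnets, the second VLAN and the function names are assumptions made up for illustration; the model covers only traffic between hosts, not traffic to or from the router itself.

```python
import ipaddress

# Constructed topology (assumption): the thread gives no addressing.
SVI_SUBNETS = {
    "Vlan10": ipaddress.ip_network("10.0.10.0/24"),
    "Vlan20": ipaddress.ip_network("10.0.20.0/24"),
}

# access-list 101 from the question, as (action, protocol, message type).
ACL_101 = [("permit", "icmp", "echo"), ("permit", "icmp", "echo-reply")]

# "ip access-group 101 out" under "interface VLAN10".
BINDINGS = {("Vlan10", "out"): ACL_101}

def svi_for(addr):
    """Return the VLAN interface whose subnet contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    for name, net in SVI_SUBNETS.items():
        if ip in net:
            return name
    return None

def acl_permits(acl, proto, kind):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, k in acl:
        if p == proto and k == kind:
            return action == "permit"
    return False

def forward(src, dst, proto, kind=None):
    """Decide what happens to a packet, seen from inside the router."""
    ingress, egress = svi_for(src), svi_for(dst)
    if ingress == egress:
        # Same VLAN: switched at layer 2, never crosses the VLAN interface,
        # so the router ACL is not consulted.
        return "switched"
    # Routed packet: goes *in* the source VLAN interface, *out* the destination one.
    for iface, direction in ((ingress, "in"), (egress, "out")):
        acl = BINDINGS.get((iface, direction))
        if acl is not None and not acl_permits(acl, proto, kind):
            return f"denied by {iface} {direction}"
    return "routed"
```

In this model a TCP packet from VLAN 10 to VLAN 20 is routed, because nothing is applied inbound on VLAN 10, but the reply heading back to VLAN 10 hits the outbound list and is dropped by the implicit deny.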