ACL in RSM

paulo.s
Beginner

Hi, I work with a Catalyst 4006 + RSM. My interfaces are configured as trunks, with subinterfaces for each VLAN: gigabit 3.1, 3.2, 4.1, 4.2, etc. I have an ACL applied inbound on line vty and it works OK. But on a subinterface it doesn't work.

Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(10)W5(18f)
ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE
ROM: L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(25)W5(27) RELEASE SOFTWARE
Router uptime is 19 weeks, 1 day, 19 hours, 31 minutes
System restarted by power-on at 17:00:07 edt3 Sun Jun 4 2006
Running default software
cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
1 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3z interface(s)
123K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2

Can anybody help me?

Thanks,

Paulo


a.kiprawih
Rising star

You need to apply the ACL on the VLAN/SVI interface instead of the physical sub-interface.

Applying an ACL (ip access-group) on vty is common, but to filter telnet to the VLAN, i.e. a member host telnetting to the VLAN interface IP @ GW, you need to apply the ACL on the VLAN itself.

Create an ACL to define the hosts/IPs permitted to telnet, and apply it to the VLAN using the 'access-group ' command.

HTH

AK

Ok, I applied.

My configuration:

access-list 101 permit ip 10.0.75.0 0.0.0.255 any log
access-list 101 permit ip host 10.0.65.16 any log
access-list 101 deny ip any any log

interface GigabitEthernet3.102
 description Vlan Acesso Rede Adm SUN
 encapsulation dot1Q 102
 ip address 10.0.30.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip directed-broadcast
 no cdp enable

Any ideas?

Thanks,

Paulo
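
An added example, not part of the original thread and not Cisco code: a small Python evaluator that applies first-match, wildcard-mask semantics to ACL 101 as posted above, to check which entry a given source address hits when the list is bound inbound on GigabitEthernet3.102. The sample source addresses and the function names are constructed for illustration.

```python
import ipaddress

# ACL 101 as posted in the thread: (action, source, wildcard).
# Every entry uses "any" as destination, so only the source is compared.
ACL_101 = [
    ("permit", "10.0.75.0", "0.0.0.255"),
    ("permit", "10.0.65.16", "0.0.0.0"),          # "host 10.0.65.16"
    ("deny", "0.0.0.0", "255.255.255.255"),       # "any"
]

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src):
    """Return (entry_number, action) for the first entry matching src."""
    for number, (action, base, wildcard) in enumerate(acl, start=1):
        if wildcard_match(src, base, wildcard):
            return number, action
    return None, "deny"  # implicit deny that ends every IOS access list

# Constructed sample sources (not taken from the thread).
SAMPLES = [
    "10.0.30.25",   # a host inside the subinterface's own 10.0.30.0/24
    "10.0.75.9",    # inside the first permitted range
    "10.0.65.16",   # the single permitted host
    "10.0.65.17",   # neighbour of the permitted host
]

def report(acl, sources):
    """Map each source address to the ACL entry and action it hits."""
    return {src: evaluate(acl, src) for src in sources}

if __name__ == "__main__":
    for src, (entry, action) in report(ACL_101, SAMPLES).items():
        print(f"{src:<12} -> entry {entry}: {action}")
```

Sources inside the subinterface's own 10.0.30.0/24 subnet match only the final deny entry, which is the first thing to check when deciding which interface and direction a list like this belongs on.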
