04-28-2016 12:25 AM - edited 02-20-2020 09:44 PM
Hello.
I have a quick question.
I have set up a simple extended ACL.
permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip any any
It is enabled on the SVI interface in the IN direction, with IP 10.10.10.1/24.
When I test with ping from the router to a blocked network using the source interface (SVI), the ACL is not working.
Example: ping 172.16.1.5 source 10.10.10.1 = success.
Shouldn't this be blocked, and only allow traffic to 192.168.1.0/24?
So my question is: does the ACL not have an effect on the router interface itself, and only on other hosts on the subnet/VLAN? (I think I remember reading about this, but can't find it.)
Thank you.
05-01-2016 11:49 PM
Hi there, the traffic has to traverse the interface in order for the ACL to be considered. Here is a link to another thread on the forum that explains this very well:
I hope this helps!
Thank you for rating helpful posts!
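An added example (not from the thread or from Cisco): a simplified Python model of the answer above, in which an inbound ACL is consulted only for packets that arrive on the interface it is bound to. The interface name Vlan10, the host 10.10.10.50 and the function names are assumptions; the ACL entries and the ping are the ones from the question.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard-mask match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

# The ACL from the question; entries are checked top-down, first match wins.
ACL = [
    ("permit", ("10.10.10.0", "0.0.0.255"), ("192.168.1.0", "0.0.0.255")),
    ("deny", ANY, ANY),
]

def acl_action(src, dst, acl=ACL):
    for action, (sbase, swild), (dbase, dwild) in acl:
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "deny"  # implicit deny that ends every ACL

def forward(src, dst, ingress, inbound_acls):
    """ingress is the interface the packet arrived on, or None for a
    packet the router originated itself (for example its own ping)."""
    if ingress is None or ingress not in inbound_acls:
        return "forwarded (no inbound ACL evaluated)"
    verdict = acl_action(src, dst, inbound_acls[ingress])
    return "forwarded (permit)" if verdict == "permit" else "dropped (deny)"

INBOUND = {"Vlan10": ACL}  # hypothetical SVI name, ACL applied in the IN direction

# Constructed packets: (label, source, destination, ingress interface)
CASES = [
    ("router ping, source 10.10.10.1", "10.10.10.1", "172.16.1.5", None),
    ("VLAN host to blocked network", "10.10.10.50", "172.16.1.5", "Vlan10"),
    ("VLAN host to permitted network", "10.10.10.50", "192.168.1.20", "Vlan10"),
]

if __name__ == "__main__":
    for label, src, dst, ingress in CASES:
        print(f"{label}: {forward(src, dst, ingress, INBOUND)}")
```

On the device itself, the matching check is to ping from a host in the VLAN instead of from the router and watch the per-entry match counters in `show access-lists`.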