12-29-2013 07:36 PM - edited 03-07-2019 05:17 PM
Hi, I have a home network up and running well that uses a Cisco 1801.
I am just trying to increase my understanding of some of its config, and I'm confused by ACLs on a VLAN interface.
OK, so I 'be the router' and imagine packets flowing to me and from me.
I have two VLANs configured
VLAN 10 - 10.10.10.0/25
VLAN 20 - 10.10.10.128/27
So for example, one of my Virtual Machines has an address 10.10.10.6 and is on VLAN 10.
Another has an address of 10.10.10.134 and is on VLAN 20.
I want to allow 10.10.10.6 access to 10.10.10.134, but prevent other VLAN 10 devices access.
So I create an ACL and apply it inbound of interface Vlan 20.
The config below works as desired, but I don't understand why.
If the packet filtering is for the inbound direction of the interface, then my logic would state that the source address of the packet to be filtered would be 10.10.10.6, not 10.10.10.134.
Can someone help me understand? Thanks.
interface Vlan20
ip access-group ACL-INBOUND in
!
ip access-list extended ACL-INBOUND
permit ip host 10.10.10.134 host 10.10.10.6 log-input
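Added example (not part of the post or Cisco's code): a small Python model of how the router applies a per-SVI ACL in each direction, using the two subnets and the ACL from the post. It assumes the router routes between the two SVIs and that "in" on an SVI means packets entering the router from hosts on that VLAN; the implicit deny at the end of the ACL is modelled as well.

```python
import ipaddress

# Constructed topology from the post: SVI name -> connected subnet.
SVIS = {
    "Vlan10": ipaddress.ip_network("10.10.10.0/25"),
    "Vlan20": ipaddress.ip_network("10.10.10.128/27"),
}

# The post's ACL as (action, source, destination) entries; "any" is a wildcard.
ACL_INBOUND = [("permit", "10.10.10.134", "10.10.10.6")]

# Where ACLs are bound: the post applies ACL-INBOUND inbound on Vlan20 only.
ACL_BINDINGS = {("Vlan20", "in"): ACL_INBOUND}


def svi_for(addr):
    """Return the SVI whose subnet contains addr (the ingress or egress interface)."""
    a = ipaddress.ip_address(addr)
    for name, net in SVIS.items():
        if a in net:
            return name
    raise ValueError(f"no SVI for {addr}")


def _match(spec, addr):
    return spec == "any" or spec == addr


def acl_permits(acl, src, dst):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, s, d in acl:
        if _match(s, src) and _match(d, dst):
            return action == "permit"
    return False


def forward(src, dst):
    """Return (ingress_svi, egress_svi, decision) for one packet src -> dst."""
    ingress, egress = svi_for(src), svi_for(dst)
    # An inbound ACL is checked on the ingress SVI, an outbound ACL on the egress SVI.
    for direction, svi in (("in", ingress), ("out", egress)):
        acl = ACL_BINDINGS.get((svi, direction))
        if acl is not None and not acl_permits(acl, src, dst):
            return ingress, egress, f"denied by ACL on {svi} {direction}"
    return ingress, egress, "forwarded"


def connection_completes(client, server):
    """A TCP-style exchange needs the request and the reply to both be forwarded."""
    return (forward(client, server)[2] == "forwarded"
            and forward(server, client)[2] == "forwarded")
```

Run `forward("10.10.10.6", "10.10.10.134")` and `forward("10.10.10.134", "10.10.10.7")` to see that the request from VLAN 10 never passes through the Vlan20 inbound ACL, while the reply from 10.10.10.134 to any VLAN 10 host other than 10.10.10.6 does and hits the implicit deny.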