I tried to create two simple VLANs (10 and 99) and traditional inter-VLAN routing between them.
Everything was working correctly until I placed an ACL.
I tried to create an access list in this way to block ICMP traffic from VLAN 10 to VLAN 99.
#ip access-list extended pr
deny icmp 22.214.171.124 0.0.0.255 126.96.36.199 0.0.0.255
permit ip any any
#ip access-group pr in
In this way ping does not work (which is correct) between VLAN 10 and VLAN 99. But I tried to do the same from VLAN 99 to VLAN 10 and ping gives a timeout, but it should work.
So I thought... if I block traffic from one VLAN to the other, do I block traffic in both directions?
Because I see that VLAN 99 pings VLAN 10 correctly, but when the reply is sent maybe the access list blocks it (because it passes on the same port) and in the same direction (inbound)... Where am I wrong?
I think my problem is the ACL, because the inter-VLAN setup is very simple, and before the ACL ping worked correctly from VLAN 10 to VLAN 99 and from VLAN 99 to VLAN 10.
Is it possible to block traffic in just one direction? I can't understand this reasoning. I also tried inserting a few lines first in the ACL to try to allow it, but in the end I didn't find a correct choice.
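
The behaviour described in the post, modelled as an added example (not part of the original post, and not Cisco code): a stateless, first-match ACL evaluator in Python. The subnets 192.168.10.0/24 (VLAN 10) and 192.168.99.0/24 (VLAN 99), the host addresses, and the assumption that the ACL is applied inbound on the VLAN 10 interface are constructed for illustration. It shows the echo-reply from VLAN 10 matching the `deny icmp` entry, next to a variant that denies only ICMP echo.

```python
import ipaddress

def wild_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, pkt):
    """Return the action of the first matching entry (stateless, top-down)."""
    for action, proto, src, dst, icmp_type in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if src != "any" and not wild_match(pkt["src"], *src):
            continue
        if dst != "any" and not wild_match(pkt["dst"], *dst):
            continue
        if icmp_type is not None and pkt.get("icmp_type") != icmp_type:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL

# Constructed subnets standing in for VLAN 10 and VLAN 99.
VLAN10 = ("192.168.10.0", "0.0.0.255")
VLAN99 = ("192.168.99.0", "0.0.0.255")

# ACL as in the post: no ICMP type given, so every ICMP message matches.
ACL_POST = [("deny", "icmp", VLAN10, VLAN99, None),
            ("permit", "ip", "any", "any", None)]
# Variant: deny only echo requests (IOS keyword "echo") from VLAN 10.
ACL_ECHO_ONLY = [("deny", "icmp", VLAN10, VLAN99, "echo"),
                 ("permit", "ip", "any", "any", None)]

# Packets arriving inbound on the VLAN 10 interface (assumed placement).
ping_10_to_99 = {"proto": "icmp", "src": "192.168.10.5",
                 "dst": "192.168.99.7", "icmp_type": "echo"}
# Reply from a VLAN 10 host to a ping that VLAN 99 started.
reply_10_to_99 = {"proto": "icmp", "src": "192.168.10.5",
                  "dst": "192.168.99.7", "icmp_type": "echo-reply"}

def results(acl):
    """Actions for (ping from VLAN 10, reply from VLAN 10) under this ACL."""
    return evaluate(acl, ping_10_to_99), evaluate(acl, reply_10_to_99)

if __name__ == "__main__":
    print("ACL from the post:", results(ACL_POST))
    print("echo-only variant:", results(ACL_ECHO_ONLY))
```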