cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1689
Views
6
Helpful
20
Replies

Nexus 3k route ACL on L3 interface

YFZH
Level 1
Level 1

I'm testing ACL on nexus 3k switches. Very simple setup. Two switches, R1 and R2. Linked with each other over their layer3 interfaces Eth1/1.
r1r2.png

 

 

 

Trying to use ACL r1r2 to block the traffic from R1 loopback1 to R2 loopback2 without any luck. No hit showing on the ACL counter. Any ideas are appreciated!


Config as follows:
R1:

ip route 0.0.0.0/0 12.12.12.2
interface Ethernet1/1
  no switchport
  ip address 12.12.12.1/24
  no shutdown
!
interface loopback1
  ip address 1.1.1.1/32

R2:

interface Ethernet1/1
  no switchport
  ip access-group r1r2 in
  ip address 12.12.12.2/24
  no shutdown
!
interface loopback2
  ip address 2.2.2.2/32
!
ip route 0.0.0.0/0 12.12.12.1
!
ip access-list r1r2
  statistics per-entry
  10 deny ip 1.1.1.1/32 2.2.2.2/32
  100 permit ip any any
!

Tried reboot and attching log to the ACL entry. Not seeing any changes. R1 loop1 can still ping R2 loop2, ACL on R2 has no hit, no log.

R1# ping 2.2.2.2 source 1.1.1.1
PING 2.2.2.2 (2.2.2.2) from 1.1.1.1: 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=254 time=3.382 ms
64 bytes from 2.2.2.2: icmp_seq=1 ttl=254 time=2.666 ms
64 bytes from 2.2.2.2: icmp_seq=2 ttl=254 time=2.639 ms
64 bytes from 2.2.2.2: icmp_seq=3 ttl=254 time=2.494 ms
64 bytes from 2.2.2.2: icmp_seq=4 ttl=254 time=2.526 ms

--- 2.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 2.494/2.741/3.382 ms
R1# 

 

1 Accepted Solution

Accepted Solutions