Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
679
Views
0
Helpful
1
Replies
Highlighted
Kyujin Choi
Beginner
Beginner
‎08-10-2016 06:54 AM
‎08-10-2016 06:54 AM

port-group ip access-list and group

Good morning. I do understand the direction of acl in/out. Here is the example. I am doing on Nexus 1k which is same rule applied. 

ACL in/out direction and interface

When you apply an ACL "in", the router examines all traffic it RECEIVES on the interface against the ACL.
When you apply an ACL "out" on an interface the router examines any traffic attempting to leave that interface against the ACL.

 !!!!!  This is what I want to do. I like to allow only traffic from 10.200.213.25 and 10.201.250.0/24 and block all private IP range to the port-profile 218vlan !!!!!

(1000v port-profile)

port-profile type vethernet 218Vlan
switchport mode access
switchport access vlan 218
ip port access-group med-02 in
no shutdown
state enabled
vmware port-group



IPV4 ACL med-02
10 permit ip  10.200.213.25/32  any
20 permit ip  10.201.250.0/24 any
30 deny ip 10.0.0.0/8 any
40 deny ip 172.16.0.0/12  any
50 deny ip 192.168.0.0/16  any
60 permit ip any any log

When I applied this access-group, it blocked all traffic including 10.200.213.25. Am I missing something? 

Labels:
0 Helpful
Reply
1 REPLY 1
Highlighted
Kyujin Choi
Beginner
Beginner
‎08-10-2016 08:01 AM
‎08-10-2016 08:01 AM

It works. thanks. I was

It works. thanks. I was confused. 

port-profile type vethernet 218Vlan
switchport mode access
switchport access vlan 218
ip port access-group test2 in
no shutdown
state enabled
vmware port-group


ip access-list test2
permit ip 10.200.218.0/24 host 10.200.213.25
permit ip 10.200.218.0/24 10.201.250.0/24
deny ip 10.200.218.0/24 10.0.0.0/8
deny ip 10.200.218.0/24 172.16.0.0/16
deny ip 10.200.218.0/24 192.168.0.0/16
permit ip any any

0 Helpful
Reply
Latest Contents
Establishing connection with a remote network not working
Created by zivx on 05-30-2020 02:56 PM
4
0
4
0
I tried to setup a virtual environment with 2960 switches and 2911 Router. In one part of the network where I connected PCs directly to the 2911 Router, I was able to communicate to the attached devices, having configured static route. In the th... view more
New software-defined solutions for segmentation and control
Created by gajewell on 05-27-2020 06:17 PM
0
0
0
0
Network Insider Live Webinar Tuesday, June 23, 2020 10:00 am Pacific Time (San Francisco, GMT-08:00) Learn how Software-Defined Access and new innovations in Cisco DNA Center provide a better way to control your network. We will explore new enhancements, ... view more
Meet the Authors FAQ- Evolution of Overlay Networking
Created by ciscomoderator on 05-26-2020 02:44 PM
1
5
1
5
This event had place on Thursday 30, April 2020 at 10hrs PDT Introduction Featured Author Victor Moreno is a Distinguished Engineer at Cisco Systems responsible for the definition of next generation network architectures. Victor has over 20 years of i... view more
Meet the Authors video- Network Programmability with Joe Cla...
Created by ciscomoderator on 05-26-2020 02:32 PM
1
0
1
0
Meet the Authors Event - Network Programmability with Joe Clarke (Live event – Wednesday, May 21st, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 21st, May 2020 at 10hrs PDT  In this session,... view more
Meet the Authors Slides- Network Programmability with Joe Cl...
Created by ciscomoderator on 05-26-2020 02:22 PM
0
0
0
0
Meet the Authors Slides - Network Programmability with Joe Clarke (Live event – Wednesday, May 21st, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris) This event had place on Thursday 21st, May 2020 at 10hrs PDT  In this session,... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Cisco Community April 2020 Spotlight Award Winners
Follow our Social Media Channels