10-27-2016 05:43 AM - edited 03-08-2019 07:56 AM
I have a 3650 switch. It has two LANs: 87 and 88. Each LAN has an SVI:
87: 10.1.87.1/24
88: 10.1.88.1/24
There are servers on each LAN. A server in the 87 LAN is 10.1.87.61.
The switch can ping the server.
1. I create an ACL with the single line:
access-list 87 permit ip host 10.1.87.61 host 10.1.87.1
I apply it inbound to the 87 SVI.
The switch can ping the server.
2. I create an ACL with the single line:
access-list 87 permit ip 10.1.87.0 0.0.0.255 host 10.1.87.1
The switch cannot ping the server.
What am I missing?
Big picture is I want to allow certain assets on the 87 LAN to access the 88 LAN, and vice versa. But every ACL I try, I end up preventing the switch from pinging assets on its own LAN.
10-28-2016 12:14 AM
It can be caused because PING is not an IP protocol but ICMP.
Try permit icmp....
10-28-2016 02:17 AM
Hi Milos,
I do not agree with your statement; IP means all kinds of traffic, including ICMP, TCP, UDP.
10-28-2016 02:19 AM
So then I am sorry for bad information.
Thank you for correction.
10-28-2016 02:16 AM
Not sure what you did wrong, but the ACL is not causing this issue. Communication in one broadcast domain (that is, in the same subnet) will not be impacted by any ACL.
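To make the matching behaviour of the two ACLs from the question concrete, here is an added example (not from this thread and not Cisco's implementation) that models the IOS access-list semantics the replies rely on: wildcard-mask matching, first-match evaluation, an implicit deny at the end, and `ip` matching every protocol, ICMP included. The ACL text and the addresses are the ones posted above; the packet tuples are constructed for the demonstration.

```python
"""Simplified model of a Cisco IOS extended ACL (added example, not IOS code).

Models: wildcard-mask matching, first-match-wins, implicit deny at the end,
and the fact that protocol "ip" matches any IP protocol (icmp, tcp, udp, ...).
"""
import ipaddress
from typing import List, NamedTuple, Tuple

Addr = Tuple[str, str]  # (base address, wildcard mask)


class Ace(NamedTuple):
    number: str
    action: str   # "permit" or "deny"
    proto: str    # "ip", "icmp", "tcp", "udp", ...
    src: Addr
    dst: Addr


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard semantics: a 1 bit in the mask means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def _parse_addr(tokens: List[str]) -> Tuple[Addr, List[str]]:
    """Parse 'host X', 'any', or 'X WILDCARD' and return the remaining tokens."""
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_ace(line: str) -> Ace:
    """Parse one 'access-list N permit|deny PROTO SRC DST' line."""
    tokens = line.split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, proto = tokens[1], tokens[2], tokens[3]
    src, rest = _parse_addr(tokens[4:])
    dst, _ = _parse_addr(rest)
    return Ace(number, action, proto, src, dst)


def evaluate(acl: List[Ace], proto: str, src: str, dst: str) -> str:
    """Return 'permit' or 'deny' for a packet; unmatched packets hit the implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if wildcard_match(src, *ace.src) and wildcard_match(dst, *ace.dst):
            return ace.action
    return "deny"  # implicit deny at the end of every IOS ACL


# The two single-line ACLs from the question.
ACL_HOST = [parse_ace("access-list 87 permit ip host 10.1.87.61 host 10.1.87.1")]
ACL_SUBNET = [parse_ace("access-list 87 permit ip 10.1.87.0 0.0.0.255 host 10.1.87.1")]


def ping_reply_verdicts(server: str = "10.1.87.61", svi: str = "10.1.87.1") -> dict:
    """Verdict for the server's ICMP echo-reply entering the SVI (the inbound direction)."""
    return {
        "host_acl": evaluate(ACL_HOST, "icmp", server, svi),
        "subnet_acl": evaluate(ACL_SUBNET, "icmp", server, svi),
    }


if __name__ == "__main__":
    # Constructed packets: the server's reply to the SVI, another host in the
    # 87 subnet, and a host from the 88 subnet.
    for proto, src, dst in [("icmp", "10.1.87.61", "10.1.87.1"),
                            ("icmp", "10.1.87.62", "10.1.87.1"),
                            ("tcp", "10.1.88.5", "10.1.87.1")]:
        print(f"{proto} {src} -> {dst}: host-ACL={evaluate(ACL_HOST, proto, src, dst)}, "
              f"subnet-ACL={evaluate(ACL_SUBNET, proto, src, dst)}")
```

Under this model both ACLs permit the server's ICMP reply toward the SVI, which is why the replies above look elsewhere than the ACL for the cause; the subnet form also permits every other 10.1.87.0/24 host, and anything not matched (for example a source in 10.1.88.0/24) falls through to the implicit deny.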