Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
295
Views
0
Helpful
4
Replies

Access control list

Dan McGuire
Level 1
Level 1

‎10-27-2016 05:43 AM - edited ‎03-08-2019 07:56 AM

I have a 3650 switch. It has two LANs: 87 and 88. Each LAN has an SVI:

87: 10.1.87.1/24

88: 10.1.88.1/24

There are servers on each LAN. A server in the 87 LAN is 10.1.87.61. 

The switch can ping the server.

1. I create an ACL with the single line:

access-list 87 permit ip host 10.1.87.61 host 10.1.87.1

I apply it inbound to the 87 SVI.

The switch can ping the server.

2. I create an ACL with the single line:

access-list 87 permit ip 10.1.87.0 0.0.0.255 host 10.1.87.1

The switch cannot ping the server.

What am I missing?

Big picture is I want to allow certain assets on the 87 LAN to access the 88 LAN, and vice versa. But every ACL I try, I end up preventing the switch from pinging assets on its own LAN. 

Labels:
0 Helpful
4 Replies 4

Milos Megis
Level 3
Level 3

‎10-28-2016 12:14 AM

It can be caused because PING is not IP protocol but ICMP.

Try permit icmp....

0 Helpful

Pawan Raut
Level 4
Level 4
In response to Milos Megis

‎10-28-2016 02:17 AM

Hi Milos,

I am not agree with your statement IP means all kind of traffic including ICMP, TCP, UDP.

0 Helpful

Milos Megis
Level 3
Level 3
In response to Pawan Raut

‎10-28-2016 02:19 AM

So then I am sorry for bad information.

Thank you for correction.

0 Helpful

Pawan Raut
Level 4
Level 4

‎10-28-2016 02:16 AM

Not sure what you did wrong but acl is not causing this issue. communication in one broadcast domain (that is in same subnet) will not impact by any acl,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card