cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
508
Views
0
Helpful
1
Replies
pankaj_cisco111
Beginner

Access-list issues on catalyst 6509 VLAN interface

I have configured access-lists on catalyst 6509 switch; however it's misbehaving when access allowed for specific ports. Please check the following example

interface vlan 10

ip address 172.16.100.1 255.255.255.0

ip access-group work in

ip access-list extended work

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10 eq 3389

deny ip any any

I still can't do remote access to 172.17.50.10 using above access-lists. However it works fine using below access-list (all TCP ports allowed).

ip access-list extended work

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10

deny ip any any

Please suggest.

1 REPLY 1
Giuseppe Larosa
Hall of Fame Master

Hello Pankaj,

use this modified version to see what happens

ip access-list extended work_log

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10 eq 3389

deny ip any any log

check log buffer with

sh log

and/or use

term monitor on your telnet/SSH session

Hope to help

Giuseppe