Access-list issues on catalyst 6509 VLAN interface

pankaj_cisco111
Level 1

I have configured access-lists on a Catalyst 6509 switch; however, it misbehaves when access is allowed for specific ports. Please check the following example:

interface vlan 10

ip address 172.16.100.1 255.255.255.0

ip access-group work in

ip access-list extended work

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10 eq 3389

deny ip any any

I still can't get remote access to 172.17.50.10 using the above access-list. However, it works fine using the access-list below (all TCP ports allowed).

ip access-list extended work

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10

deny ip any any

Please suggest.

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Pankaj,

Use this modified version to see what happens:

ip access-list extended work_log

permit tcp 172.16.100.0 0.0.0.255 host 172.17.50.10 eq 3389

deny ip any any log

Check the log buffer with

sh log

and/or use

term monitor on your telnet/SSH session

Hope to help

Giuseppe
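Added example, not part of the original thread: once `work_log` is applied to interface vlan 10 and the `deny ip any any log` entry starts producing `%SEC-6-IPACCESSLOG*` messages, a short Python script can total the denied flows from saved `sh log` output so it is clear which traffic the port-specific permit is not covering. The log lines are constructed samples; the 172.17.50.2 address, ports and packet counts are invented for illustration.

```python
import re
from collections import Counter

# Constructed sample of "sh log" output (not taken from the thread).
SAMPLE_LOG = """\
*Mar  1 00:10:01.003: %SEC-6-IPACCESSLOGP: list work_log denied udp 172.16.100.25(51000) -> 172.17.50.2(53), 1 packet
*Mar  1 00:10:04.120: %SEC-6-IPACCESSLOGP: list work_log denied tcp 172.16.100.25(49812) -> 172.17.50.10(445), 3 packets
*Mar  1 00:10:09.441: %SEC-6-IPACCESSLOGDP: list work_log denied icmp 172.16.100.25 -> 172.17.50.10 (8/0), 2 packets
*Mar  1 00:15:04.120: %SEC-6-IPACCESSLOGP: list work_log denied tcp 172.16.100.25(49812) -> 172.17.50.10(445), 5 packets
*Mar  1 00:15:30.000: %SYS-5-CONFIG_I: Configured from console by vty0
"""

# IPACCESSLOGP carries ports (TCP/UDP), IPACCESSLOGDP carries ICMP type/code,
# IPACCESSLOGNP is used for other protocols and has neither.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<icmp>\d+/\d+)\))?, (?P<count>\d+) packets?"
)


def denied_flows(log_text, acl="work_log"):
    """Return Counter {(proto, src, dst, dst_port_or_icmp): packets} for denies logged by `acl`."""
    flows = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue  # unrelated syslog message, other ACL, or a permit entry
        detail = m["dport"] or m["icmp"] or "-"
        # Source port is ignored on purpose: it is ephemeral and would split one flow into many.
        flows[(m["proto"], m["src"], m["dst"], detail)] += int(m["count"])
    return flows


if __name__ == "__main__":
    for (proto, src, dst, detail), pkts in denied_flows(SAMPLE_LOG).most_common():
        print(f"{pkts:>4} pkts  {proto:<4} {src} -> {dst}  {detail}")
```
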
