Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
707
Views
0
Helpful
4
Replies

ACCESS LIST (NEXUS 7706)

slimer411
Level 1
Level 1

‎01-25-2019 12:00 AM - edited ‎03-08-2019 05:08 PM

Created an access list that will give vlan 100 (192.168.100.0/24) access to only 192.168.50.3/32 IP only. The rest will be denied. 

 

ip access-list Test


11 permit ip 192.168.50.3/32 any

 

Vlan interface 100
ip access-group test out

 

Note that the gateway of 192.168.100.0 and 192.168.50.3 are on the same switch.

 

I tried the ip access-group test in 

 

Still able to access all network in the switch which should not be. 

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎01-25-2019 12:17 AM

 

Your access list does not match your description. 

 

ip access-list Test
permit ip 192.168.100.0/24 192.168.50.3/32

 

vlan interface 100
ip access-group test in

 

Jon

0 Helpful

slimer411
Level 1
Level 1
In response to Jon Marshall

‎01-25-2019 12:27 AM

Tried testing again. Other IPs in the vlan are now denied except for the gateways, x.x.x.1. I think this is working now. Just wondering why I can still able to ping the gateway?
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to slimer411

‎01-25-2019 12:44 AM - edited ‎01-25-2019 12:44 AM

 

Do you mean you can ping all the other SVIs on the switch or just the vlan 100  SVI ? 

 

Jon

0 Helpful

slimer411
Level 1
Level 1
In response to Jon Marshall

‎01-28-2019 12:19 AM

I can ping all the other svi on the switch but not the other IPs on its network segment.
0 Helpful
Customers Also Viewed These Support Documents