Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3768
Views
0
Helpful
1
Replies

Access-list on nexus 9k

SystemsGM
Level 1
Level 1

‎11-09-2016 12:55 PM - edited ‎03-08-2019 08:06 AM

Hi team,

I am trying to apply an access list on a nexus 9k under int vlans

I need to only allow IT_staff to communicate with test and visa versa but it is not working. I figured that the packet has to go both ways. How can i accomplish this.

int vlan 88 test (10.48.88.0/24)

    ip access-group Test in

.....................................................

int vlan 11 IT_staff (10.48.11.0/26)

......................................................

ip access-list Test

  10 permit ip 10.48.11.0/26 any
  20 deny ip any any

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎11-10-2016 04:07 AM

One thing to keep in mind about access lists is that when we apply them as in or out that it is from the perspective of the switch/router. So when you apply ACL Test as inbound it is looking at traffic from subnet 10.48.88.0 coming into your N9K. But the access list says that 10.48.11.0 is the source address going to any destination address. The packets coming into interface vlan 88 will have 10.48.88 as their source address and so no packet is permitted. To fix this you should either apply your ACL as out or you should rewrite the ACL to make 10.48.11 the destination address.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents