I just want to know the use of the access-list rule below, which was created in my working environment. The network 10.206.130.0/23 is configured on the same device; you can find the log below.
What is the use of a rule like the one below, where the src and dst networks are the same? It is applied on the same subnet's interface.
C6509#sh access-lists Vlan152-out | in deny
    20 deny ip 10.206.130.0 0.0.1.255 10.206.130.0 0.0.1.255 (8303 matches)

C6509#sh run interface tenGigabitEthernet 9/4.152
Building configuration...

Current configuration : 462 bytes
!
interface TenGigabitEthernet9/4.152
 description 10.206.130.0/23:VLAN152
 encapsulation dot1Q 152
 vrf forwarding RDS:MSN:0002
 ip address 10.206.130.2 255.255.254.0
 ip access-group Vlan152-out out
 ip helper-address 10.206.168.4
 ip helper-address 10.20.204.28
 no ip redirects
 no ip proxy-arp
 standby 156 ip 10.206.130.1
 standby 156 priority 150
 standby 156 preempt
 standby 156 track 1 decrement 11
 standby 156 track 2 decrement 100
end

C6509#sh version
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9-M), Version 15.1(2)SY2, RELEASE SOFTWARE (fc3)
ROM: System Bootstrap, Version 12.2(17r)S4, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9-M), Version 15.1(2)SY2, RELEASE SOFTWARE (fc3)
The straightforward answer to your question is that the access list entry denies traffic being forwarded to the subnet whose source address is in that subnet. The fairly obvious explanation is that it would catch spoofed source addresses. But I am surprised to see that there are 8303 matches. Either there is a significant ongoing attempt to spoof the source address or something else is happening. Seeing that this is a 6509 and that HSRP is configured makes me wonder if some packets are sourced from the other HSRP member and forwarded to this switch or something like that.
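
As an added illustration (not part of the original posts), the Python below applies Cisco wildcard-mask matching to the ACE quoted in the question and evaluates a few constructed packets being routed out of the VLAN152 subinterface. The function names and the sample packets are assumptions made for this example.

```python
import ipaddress
import re

# ACE text copied from the "sh access-lists Vlan152-out" output in the question.
ACE = "20 deny ip 10.206.130.0 0.0.1.255 10.206.130.0 0.0.1.255"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse '<seq> <permit|deny> ip <src> <src-wildcard> <dst> <dst-wildcard>'."""
    m = re.fullmatch(r"\s*(\d+)\s+(permit|deny)\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*", line)
    if not m:
        raise ValueError(f"unsupported ACE format: {line!r}")
    seq, action, src, src_wc, dst, dst_wc = m.groups()
    return {"seq": int(seq), "action": action,
            "src": (_ip(src), _ip(src_wc)), "dst": (_ip(dst), _ip(dst_wc))}

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; all other bits must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)

def ace_matches(ace, src, dst):
    return (wildcard_match(_ip(src), *ace["src"]) and
            wildcard_match(_ip(dst), *ace["dst"]))

def covered_range(base, wildcard):
    """First and last address covered (meaningful for contiguous wildcards)."""
    care = ~wildcard & 0xFFFFFFFF
    low = base & care
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wildcard))

# Constructed sample packets being routed OUT of the VLAN152 subinterface.
SAMPLES = [
    ("10.206.131.7", "10.206.130.20"),   # source claims to be inside the /23
    ("10.206.130.3", "10.206.131.255"),  # likewise, from the low half of the /23
    ("10.20.204.28", "10.206.130.20"),   # source outside the /23
    ("10.206.132.1", "10.206.130.20"),   # just past the end of the /23
]

def evaluate(samples=SAMPLES, line=ACE):
    ace = parse_ace(line)
    return [(s, d, ace["action"] if ace_matches(ace, s, d) else "next-entry")
            for s, d in samples]

if __name__ == "__main__":
    print("source range:", covered_range(*parse_ace(ACE)["src"]))
    for src, dst, verdict in evaluate():
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Only packets whose source and destination both fall in 10.206.130.0 through 10.206.131.255 hit the deny; everything else falls through to the remaining entries of Vlan152-out, which the question does not show.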