ACL is not working

Shivu b
Beginner

Hello Members,

 

I configured the following ACL in a switch that allows traffic to the host network and denies the remaining network traffic, but the ACL is not working and I can still ping the rest of the devices in the particular VLAN.

 

Can someone correct the ACL list?

 

access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.101
access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.222
access-list 101 deny ip 10.132.54.0 0.0.0.15 any

8 Replies

MHM Cisco World
Advisor

Which direction did you apply the ACL?

Does it need to be specified separately for outbound?

ACL for which VLAN?
-VLAN for Host
the ACL direction must be IN
-VLAN for 10.132.x.x
the ACL direction must be OUT

Hello,

 

Let's assume Vlan 54 is the source network; try the below:

 

interface Vlan54
ip address 10.132.54.1 255.255.255.0
ip access-group 101 out

paul driver
VIP Expert

Hello

As @MHM Cisco World stated, the direction of the acl is required.

Looking at your acl the source is (Vlan X = 10.132.54.0/28),
10.132.54.0 0.0.0.15 host 10.253.64.101

So the acl direction applied to Vlan X should be = IN

 

Vlan X
ip address 10.132.54.X 255.255.255.240
ip access-group 101 IN

 

Vlan acl logic
traffic originating from within the vlan = IN
traffic towards the vlan = OUT

[attachment: SVI Directions.png]

kind regards
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
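A small check of the thread's ACL and the SVI direction rule above, written here as an added example (not from any of the posters): it models ACL 101 with Cisco wildcard matching, first-match and implicit deny, and shows that with the ACL bound "out" on the source VLAN's SVI a ping from 10.132.54.5 to a third host is never inspected, while "in" on the same SVI denies it. The host addresses used in the calls are constructed.

```python
import ipaddress

# Constructed model of the thread's extended ACL 101: (action, src, src-wildcard, dst, dst-wildcard).
# "host X" is X with wildcard 0.0.0.0; "any" is 0.0.0.0 with wildcard 255.255.255.255.
ACL_101 = [
    ("permit", "10.132.54.0", "0.0.0.15", "10.253.64.101", "0.0.0.0"),
    ("permit", "10.132.54.0", "0.0.0.15", "10.253.64.222", "0.0.0.0"),
    ("deny",   "10.132.54.0", "0.0.0.15", "0.0.0.0",       "255.255.255.255"),
]

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the wildcard must match exactly, a 1 bit is ignored."""
    keep = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & keep) == (_ip(base) & keep)

def evaluate_acl(acl, src, dst):
    """First matching entry wins; anything unmatched hits the implicit deny at the end."""
    for action, sb, sw, db, dw in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"

def acl_inspects(src, dst, svi_subnet, direction):
    """Whether an ACL bound with 'ip access-group <n> <direction>' on an SVI even sees the packet.
    'in'  = traffic entering the SVI from hosts inside the VLAN (source in the subnet)
    'out' = traffic the SVI forwards into the VLAN (destination in the subnet)"""
    net = ipaddress.ip_network(svi_subnet)
    if direction == "in":
        return ipaddress.ip_address(src) in net
    if direction == "out":
        return ipaddress.ip_address(dst) in net
    raise ValueError("direction must be 'in' or 'out'")

def forwarded(acl, src, dst, svi_subnet, direction):
    """Result of a packet crossing the SVI: not inspected -> forwarded, otherwise the ACL decides."""
    if not acl_inspects(src, dst, svi_subnet, direction):
        return True
    return evaluate_acl(acl, src, dst) == "permit"

if __name__ == "__main__":
    # The thread's symptom: bound "out", the ping to a non-listed host still gets through.
    for direction in ("out", "in"):
        print(direction, forwarded(ACL_101, "10.132.54.5", "10.253.64.50", "10.132.54.0/28", direction))
```

Note that a host outside 10.132.54.0/28 (for example 10.132.54.20) matches none of the three entries and is dropped by the implicit deny once the ACL inspects it, so the /28 wildcard must really cover the intended hosts.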

Shivu b
Beginner

Hello All,

 

Thanks for your reply. Unfortunately, none of the solutions work.

 

Hello,

 

Odd, as it is a fairly simple access list. Can you post the full running configuration of your switch?

MHM Cisco World
Advisor

The only thing that would make this ACL not work after adding IN/OUT is if the L3 forwarding is done not in the VLAN interface but in a router or FW connected to these VLANs, and the hosts use it as their GW.
