01-19-2022 09:54 AM
Hello Members,
I configured the following ACL in a switch that is supposed to allow traffic to the host network and deny the remaining network traffic, but the ACL is not working and I can still ping the rest of the devices in that particular VLAN.
Can someone correct the ACL?
access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.101
access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.222
access-list 101 deny ip 10.132.54.0 0.0.0.15 any
01-19-2022 10:25 AM
Which direction did you apply the ACL in?
01-19-2022 10:32 AM
Does it need to be specified separately for outbound?
01-19-2022 10:52 AM
ACL for which VLAN?
- VLAN for the hosts: the ACL direction must be IN
- VLAN for 10.132.x.x: the ACL direction must be OUT
01-19-2022 11:08 AM
Hello,
let's assume VLAN 54 is the source network; try the below:
interface Vlan54
ip address 10.132.54.1 255.255.255.0
ip access-group 101 out
01-19-2022 11:54 AM
Hello
As @MHM Cisco World stated, the direction of the ACL is required.
Looking at your ACL, the source is (VLAN X = 10.132.54.0/28):
10.132.54.0 0.0.0.15 host 10.253.64.101
So the ACL direction applied to VLAN X should be IN:
interface Vlan X
ip address 10.132.54.X 255.255.255.240
ip access-group 101 in
VLAN ACL logic:
traffic originating from within the VLAN = IN
traffic towards the VLAN = OUT
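To make the two points above concrete (first-match evaluation with an implicit deny at the end, and the fact that the wildcard 0.0.0.15 covers only the /28 10.132.54.0-10.132.54.15), here is an added example that simulates how ACL 101 from the original post is evaluated against a few constructed flows. This is editorial example code, not from the original thread or from Cisco; the sample source/destination pairs are made up, and the simulator models only whether an ACE matches a packet, not where the ACL is applied or in which direction.

```python
"""Simulate Cisco IOS numbered ACL evaluation for the ACL 101 posted above.

Rules modelled:
  * wildcard mask semantics: a 1 bit in the wildcard means "don't care"
  * first matching ACE wins
  * an implicit "deny ip any any" applies when no ACE matches
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# The ACL exactly as posted in the thread (not constructed).
ACL_101 = [
    "access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.101",
    "access-list 101 permit ip 10.132.54.0 0.0.0.15 host 10.253.64.222",
    "access-list 101 deny ip 10.132.54.0 0.0.0.15 any",
]


@dataclass
class Ace:
    action: str       # "permit" or "deny"
    src: str
    src_wc: str       # wildcard mask for the source
    dst: str
    dst_wc: str       # wildcard mask for the destination


def _parse_addr(tokens: List[str]) -> Tuple[str, str, List[str]]:
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'."""
    if tokens[0] == "any":
        return "0.0.0.0", "255.255.255.255", tokens[1:]
    if tokens[0] == "host":
        return tokens[1], "0.0.0.0", tokens[2:]
    return tokens[0], tokens[1], tokens[2:]


def parse_ace(line: str) -> Ace:
    """Parse 'access-list <n> <permit|deny> ip <src spec> <dst spec>'."""
    tokens = line.split()
    action = tokens[2]
    rest = tokens[4:]                      # skip 'access-list', '<n>', action, 'ip'
    src, src_wc, rest = _parse_addr(rest)
    dst, dst_wc, _ = _parse_addr(rest)
    return Ace(action, src, src_wc, dst, dst_wc)


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under a Cisco wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF                 # bits that must be equal
    return (a & care) == (b & care)


def wildcard_range(base: str, wildcard: str) -> ipaddress.IPv4Network:
    """Translate a contiguous wildcard (e.g. 0.0.0.15) into the network it covers."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError("non-contiguous wildcard has no single prefix")
    prefix = 32 - w.bit_length()
    return ipaddress.IPv4Network(f"{base}/{prefix}", strict=True)


def evaluate(acl_lines: List[str], src: str, dst: str) -> Tuple[str, str]:
    """Return (action, reason) for a packet from src to dst."""
    for idx, line in enumerate(acl_lines, start=1):
        ace = parse_ace(line)
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action, f"ACE {idx}"
    return "deny", "implicit deny"


if __name__ == "__main__":
    print("source wildcard covers:", wildcard_range("10.132.54.0", "0.0.0.15"))
    # Constructed sample flows (not from the thread).
    for s, d in [("10.132.54.5", "10.253.64.101"),
                 ("10.132.54.5", "10.253.64.222"),
                 ("10.132.54.5", "10.253.64.50"),
                 ("10.132.54.100", "10.253.64.101")]:
        print(f"{s:>15} -> {d:<15} {evaluate(ACL_101, s, d)}")
```

The last constructed flow is the caveat worth noticing: a source such as 10.132.54.100 lies outside the /28 that 0.0.0.15 covers, so none of the three ACEs match it and it is dropped by the implicit deny. If the VLAN is actually a /24 (as one reply above assumes with 255.255.255.0), only the first sixteen addresses are handled by the explicit lines. Whether the ACL is hit at all depends on where the Layer 3 forwarding happens and on the direction it is applied in, which this simulator does not model.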
01-25-2022 06:38 AM
Hello All,
Thanks for your reply. Unfortunately, none of the solutions works.
01-25-2022 07:18 AM
Hello,
odd, as it is a fairly simple access list. Can you post the full running configuration of your switch?
01-25-2022 07:56 AM
The only thing that would make this ACL not work after adding IN/OUT is if the L3 forwarding is done not in the VLAN interface but in a router or FW connected to these VLANs, which the hosts use as their GW.