Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
3
Replies

ACL not working on 3750 Switch Stack on a trunk port

Mark Gross
Level 1
Level 1

‎03-10-2015 09:01 AM - edited ‎03-07-2019 11:01 PM

I cannot figure out why the ACL is not working on a 3750 running 12.2 (55)SE on a trunk port.  For testing, there is 1 x IP (10.101.15.13) that should be denied to all VLANs on the trunk.  I have tried standard and extended list, but neither seem to work.

 

What am I doing wrong?

 

Access-List:

Standard IP access list 10
    10 deny   10.101.15.13 log
    20 permit any log

Access-List Interface:

interface GigabitEthernet7/0/10
 description ESX Trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,60-63
 switchport mode trunk
 ip access-group 10 in

Mac-Address on the Switch Port:

63    0050.569a.6d9f    DYNAMIC     Gi7/0/10

Windows Machine MAC:

Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #4
Physical Address. . . . . . . . . : 00-50-56-9A-6D-9F

Windows Connection (which should be denied):

 TCP    10.20.63.4:3389        10.101.15.13:21289     ESTABLISHED     InHost

Labels:
0 Helpful
3 Replies 3

Mark Gross
Level 1
Level 1

‎03-17-2015 07:40 AM

bump.

 

Must be a real nutcracker.  No responses.

0 Helpful

Mark Gross
Level 1
Level 1
In response to Mark Gross

‎04-02-2015 07:31 AM

PACL only apply to an L2 interface.  On an L2 interface the only direction that can be applied is INBOUND.  On an L3 interface INBOUND or OUTBOUND can be specified.

 

In any case, I have worked around the issue by applying VACLs. Marking this as resolved.

 

0 Helpful

jonasvanraes1
Level 1
Level 1

‎04-02-2015 01:23 AM

Maybe it's because your ACL is inbound, he only looks at the traffic coming from that trunk line?

0 Helpful
Customers Also Viewed These Support Documents