Bypass / Cheat ACL


Hi All

I'm having a problem with a connection to a storage device in our DC.

I have multiple there, and there are many ACLs on our Core (bonded pair), but they are the same rules for each storage device.

Applied via switch to get to the DC. I've compared the ACLs on each Core to see if there was a mismatch but couldn't find any.

I keep getting packet loss to one of the storage nodes. Clients are on VLAN 10 and storage is on VLAN 100.
Clients are currently configured on VLAN 10 and the ACL gives access to the storage.

If I did trunk mode to the client with a native VLAN 10, would this allow me to trick/cheat the ACLs and give me a direct/better connection to confirm whether it's an ACL or possibly something else?
Or is there a better way to check and test this?


VIP Mentor


   - If you think the problem is related to the ACLs, then try removing them temporarily and test.


VIP Guru

I would do the tests below:


1. This may be due to load balancing or physical port issues.

   - If this is a port-channel, shut down one of the ports and test; do the same test on the other links too and see if there is any difference.

2. As suggested, remove the ACL temporarily and test.


Do you see any errors on the interface?



Two different VLANs need some L3 in between. Are you configuring any HSRP? How do the two DC switches handle the L3 GW?
The goal of using HSRP is to give one default GW IP to the client, which is the VIP.
I think the client uses the wrong default GW, so it never connects to the storage.


The dropped packets are still creeping up even when the switch is dropping one of the ports in the port-channel group.

As far as the ACLs go, I've allowed all TCP traffic and only denied 443 so users can't get to the storage UI.
And no change.
I'm starting to think there is something else going on here.
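Two things worth checking before ruling the ACL out are the order of the entries and what the loss test itself is sending. Cisco extended ACLs are evaluated top-down, first match wins, and anything not matched hits the implicit deny at the end. So a "permit tcp" line placed above a "deny tcp ... eq 443" line means the deny is never reached, and an ACL that only permits TCP silently drops ICMP, which makes ping a misleading loss probe unless ICMP is permitted too. The script below is an added example written for this thread, not something any poster supplied: a small first-match evaluator for the subset of ACE syntax used here. The subnets (10.10.0.0/24 for VLAN 10, 10.100.0.0/24 for VLAN 100), hosts and port numbers are constructed sample values, and the iSCSI port 3260 is only there to stand for "some other TCP storage traffic".

```python
"""First-match evaluator for a subset of Cisco-style extended ACL entries.

Added example (not from the thread). Supported ACE shape:
    permit|deny <proto> <src> <dst> [eq <dst-port>]
where <proto> is ip|tcp|udp|icmp and <src>/<dst> is
    any | host A.B.C.D | A.B.C.D W.W.W.W   (wildcard mask)
Only a trailing destination port is modelled; source ports, ranges,
'established', logging and sequence numbers are not.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str   # 'tcp', 'udp', 'icmp'
    src: str     # source IPv4 address
    dst: str     # destination IPv4 address
    dport: int   # destination port (0 for protocols without ports)


def _match_addr(spec_ip, spec_wild, addr):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    ip = int(ipaddress.IPv4Address(addr))
    spec = int(ipaddress.IPv4Address(spec_ip))
    wild = int(ipaddress.IPv4Address(spec_wild))
    return (ip & ~wild) == (spec & ~wild)


def parse_ace(line):
    """Parse one ACE line into a dict; addresses become (ip, wildcard) pairs."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    i = 2

    def addr():
        nonlocal i
        if tokens[i] == "any":
            i += 1
            return ("0.0.0.0", "255.255.255.255")   # match everything
        if tokens[i] == "host":
            ip = tokens[i + 1]
            i += 2
            return (ip, "0.0.0.0")                   # exact host
        ip, wild = tokens[i], tokens[i + 1]
        i += 2
        return (ip, wild)

    src = addr()
    dst = addr()
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = int(tokens[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def evaluate(acl_lines, flow):
    """Return (action, matching_line_number); (deny, None) is the implicit deny."""
    for n, line in enumerate(acl_lines, 1):
        ace = parse_ace(line)
        if ace["proto"] != "ip" and ace["proto"] != flow.proto:
            continue
        if not _match_addr(*ace["src"], flow.src):
            continue
        if not _match_addr(*ace["dst"], flow.dst):
            continue
        if ace["dport"] is not None and ace["dport"] != flow.dport:
            continue
        return ace["action"], n          # first match wins
    return "deny", None                  # implicit deny at end of ACL


# Constructed sample: clients on VLAN 10 (10.10.0.0/24), storage on VLAN 100 (10.100.0.0/24)
ACL_PERMIT_FIRST = [
    "permit tcp 10.10.0.0 0.0.0.255 10.100.0.0 0.0.0.255",
    "deny tcp 10.10.0.0 0.0.0.255 10.100.0.0 0.0.0.255 eq 443",   # never reached
]
ACL_DENY_FIRST = [
    "deny tcp 10.10.0.0 0.0.0.255 10.100.0.0 0.0.0.255 eq 443",
    "permit tcp 10.10.0.0 0.0.0.255 10.100.0.0 0.0.0.255",
]
HTTPS = Flow("tcp", "10.10.0.25", "10.100.0.5", 443)    # storage UI
ISCSI = Flow("tcp", "10.10.0.25", "10.100.0.5", 3260)   # sample storage traffic
PING = Flow("icmp", "10.10.0.25", "10.100.0.5", 0)      # what a ping test sends

if __name__ == "__main__":
    for name, acl in (("permit-first", ACL_PERMIT_FIRST), ("deny-first", ACL_DENY_FIRST)):
        for label, flow in (("https", HTTPS), ("iscsi", ISCSI), ("ping", PING)):
            print(f"{name:13s} {label:6s} -> {evaluate(acl, flow)}")
```

Running it shows the permit-first list still lets 443 through (the deny on line 2 never matches), the deny-first list blocks 443 and permits the other TCP flow, and both lists drop ICMP via the implicit deny, so a ping-based loss measurement against the storage node says nothing about TCP reachability unless an ICMP permit is added.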

Can you simply draw the topology?