1389 Views · 0 Helpful · 16 Replies

Cat6500 Inbound ACL Issue. Very strange.

kfarrington
Level 3

Hey everyone :)

So, I have two 6500s and a vlan trunked between them (VLANx)

Running HSRP on the VLANx

6500-1 is 10.10.10.1

6500-2 is 10.10.10.2

HSRP is active on 6500-1 with 10.10.10.3

I have an inbound ACL on both VLANx interfaces that does not permit anything but UDP traffic.

I can ping and telnet to 6500-1's 10.10.10.1 IP address.

I cannot ping or telnet to 6500-2's 10.10.10.2.

I cannot ping or telnet to 6500-1's HSRP address 10.10.10.3.

How does that work?

I would have thought that I would not be able to ping or telnet to any of the interfaces, as it is an inbound ACL?

Is there something that happens in the ACL process that says, if you are directly for me, allow it or don't pass it through the ACL?

I'm confused.com :)

Many thx

Ken

16 Replies

Ken

I suspect Adam has hit it on the head. Inbound on a VLAN interface means traffic coming FROM clients on that VLAN.

What is more confusing is why 6500-1 works but not 6500-2 or the HSRP address. I'm guessing it's to do with it being a L3 switch and the path that the packets take to enter the 6500?

Perhaps you could do a traceroute to all 3 addresses for us from your client ?

Jon

Do you get a log for the deny to the HSRP VIP?
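As an added illustration (not posted by anyone in the thread), this is what the setup described above looks like in IOS, with the implicit deny made explicit and logged so the check asked for in the last reply can actually be made. The ACL name UDP-ONLY-IN, VLAN 100 (the thread's "VLANx"), the /24 mask and HSRP group 1 are all assumed.

```cisco
! Added example, not the poster's configuration. Assumed names:
! ACL "UDP-ONLY-IN", Vlan100 for "VLANx", /24 mask, HSRP group 1.
!
! The ACL as described in the question: only UDP is permitted in.
ip access-list extended UDP-ONLY-IN
 permit udp any any
 ! Make the implicit deny explicit and log it, so a ping or telnet
 ! dropped on the way to 10.10.10.2 or to the VIP 10.10.10.3 shows
 ! up in the log. On the 6500, logged packets are handled in
 ! software, so keep this as a temporary troubleshooting entry.
 deny ip any any log
!
interface Vlan100
 ip address 10.10.10.1 255.255.255.0
 standby 1 ip 10.10.10.3
 ! "in" = packets arriving on this SVI FROM hosts in VLAN 100,
 ! which is the direction Jon's reply describes.
 ip access-group UDP-ONLY-IN in
!
! Checks: per-entry hit counters, and which ACL/direction is applied.
show access-lists UDP-ONLY-IN
show ip interface Vlan100 | include access list
```

Repeat the failing ping/telnet to each of the three addresses and compare the deny counter and log lines between 6500-1 and 6500-2; HSRP hellos themselves are UDP and match the permit entry.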
