Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
532
Views
0
Helpful
4
Replies

Extended ACL problem

lainisis
Level 1
Level 1

‎01-17-2024 05:08 PM

Hi there

I set the Access map and Access list in the C9410 model.

This is part of the settings.

 

vlan-access-map vacl12 6
match ip address vlan12-emaster
action forward

vlan-access-map vacl12 10
match ip address vlan12
action drop

ip access-list extended vlan12-emaster
permit ip 10.10.64.0 0.0.7.255 host 10.10.101.61
permit ip 10.10.64.0 0.0.7.255 host 10.10.101.62
permit ip 10.10.64.0 0.0.7.255 host 10.10.101.63
permit ip 10.10.64.0 0.0.7.255 host 10.10.101.64
permit ip 10.10.64.0 0.0.7.255 host 10.10.101.65
permit ip 10.10.64.0 0.0.7.255 host 10.10.62.21
permit ip 10.10.64.0 0.0.7.255 host 10.10.62.22
permit ip 10.10.64.0 0.0.7.255 host 10.10.62.23
permit ip 10.10.64.0 0.0.7.255 host 10.10.62.24
permit ip 10.10.64.0 0.0.7.255 host 10.10.62.25

ip access-list extended vlan12
permit ip 10.10.64.0 0.0.7.255 10.10.56.0 0.0.7.255
permit ip 10.10.64.0 0.0.7.255 10.10.96.0 0.0.7.255

Despite the permit settings set in the same forward policy, IPs 10.10.101.61~65 cannot remotely connect to other PCs. However, 10.10.62.21~25 is being remotely connected normally.

To check the policy, if the permit policy of the drop policy, permit ip 10.10.64.0 0.0.7.255 10.10.96.0 0.0.7.255, is deleted, IPs 10.10.101.61~65 will be able to remotely access other PCs normally.

Even after deleting and resetting the forward settings, the symptom is the same. What is the problem?

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎01-17-2024 08:32 PM 

switch1(config)#vlan filter Mapping vlan-list 1

I dont see vlan filter command?

MHM

0 Helpful

lainisis
Level 1
Level 1
In response to MHM Cisco World

‎01-17-2024 08:37 PM

I already added vlan filter command like this
vlan filter vacl12 vlan-list 12

0 Helpful

lainisis
Level 1
Level 1
In response to MHM Cisco World

‎01-17-2024 08:41 PM

The history is as follows:

First, I was using the forward policy for the 101.0 IP, and it worked well without any problems.

Later, due to an office move, I added a policy for the 62.0 IP to forward, and this also worked well.

However, after the office was changed again and an attempt was made to use the 101.0 IP, remote access was not possible.

0 Helpful

MHM Cisco World
VIP
VIP
In response to lainisis

‎01-17-2024 09:59 PM

Ok' maybe the acl hung in some point.

You have two line start with seq 6

Add new line let say seq 1 for permit traffic and seq 2 for deny other 

If it work remove seq 6 and 10.

MHM

0 Helpful
Customers Also Viewed These Support Documents