04-25-2019 12:48 AM
Hello. I have SVI vlan 500 on an L3 switch configured as a point-to-point link. I receive this vlan 500 through a trunk. Through this vlan I accept the remote network 10.180.100.0/24. I tried to set up an access list on SVI vlan 500 to allow access to only a few servers. For example:
permit ip 10.180.100.0 0.0.0.255 host 10.180.200.50
deny ip any any
I assigned this access list to the SVI interface for vlan 500 as IN. But I can't reach the server.
Where did I make a mistake?
04-25-2019 12:51 AM
Can you post the output of:
show run interface vlan 500
show access-list
04-25-2019 01:33 AM
04-25-2019 02:39 PM
Glad it's all working. If it is solved, can you mark it as solved so other community members can view it as the solution.
04-25-2019 01:21 AM - edited 04-25-2019 01:27 AM
Hello
@Vitalii
SVI ACL logic:
IN = traffic originating from within the vlan
OUT = traffic originating from outside, towards the vlan
The example below, based on the above, will allow any host in 10.180.100.0/24 access only to server 10.180.200.50, which resides in vlan 500. This is rather restrictive for vlan 500, but you need to use the OUT keyword.
access-list 100 permit ip 10.180.100.0 0.0.0.255 host 10.180.200.50
int vlan 500
ip access-group 100 out
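As an added illustration, not code from the thread, here is a small Python model of how an extended ACL is evaluated (wildcard masks, first match wins, implicit deny at the end) and how the IN/OUT direction of an SVI ACL decides which packets are checked. It follows the answer's assumption that 10.180.200.50 sits inside vlan 500; the sample addresses 10.180.100.7 and 10.180.200.51, the `SVI` class and the helper names are constructed for this example.

```python
import ipaddress

# Constructed model of Cisco-style extended ACL evaluation; not from the thread.
# A wildcard mask is the inverse of a subnet mask: 0.0.0.255 means
# "ignore the last octet", 0.0.0.0 means "exact host", 255.255.255.255 means "any".


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)


def _parse_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) and return (base, wildcard)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_ace(line: str):
    """Parse 'access-list N permit ip SRC DST' or 'permit ip SRC DST' into a tuple."""
    tokens = line.split()
    if tokens[0] == "access-list":
        tokens = tokens[2:]           # drop "access-list <number>"
    action, proto = tokens[0], tokens[1]
    src, rest = _parse_addr(tokens[2:])
    dst, _ = _parse_addr(rest)
    return action, proto, src, dst


def evaluate(acl_lines, src: str, dst: str) -> str:
    """First matching entry wins; every ACL ends with an implicit 'deny ip any any'."""
    for line in acl_lines:
        action, _proto, (sb, sw), (db, dw) = parse_ace(line)
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"


class SVI:
    """An SVI with an optional ACL per direction.

    in  = packets entering the switch from hosts that live in the vlan
    out = packets the switch forwards into the vlan
    """

    def __init__(self, acl_in=None, acl_out=None):
        self.acl_in = acl_in
        self.acl_out = acl_out

    def forward(self, direction: str, src: str, dst: str) -> str:
        acl = self.acl_in if direction == "in" else self.acl_out
        return "permit" if acl is None else evaluate(acl, src, dst)


# The ACL from the answer above.
ACL_100 = ["access-list 100 permit ip 10.180.100.0 0.0.0.255 host 10.180.200.50"]


def demo():
    """Same ACL applied OUT (the answer) and IN (the original post), server inside vlan 500."""
    remote_host, server, other_server = "10.180.100.7", "10.180.200.50", "10.180.200.51"
    svi_out = SVI(acl_out=ACL_100)   # answer's configuration
    svi_in = SVI(acl_in=ACL_100)     # original poster's configuration
    return {
        "out: remote -> server": svi_out.forward("out", remote_host, server),
        "out: remote -> other server": svi_out.forward("out", remote_host, other_server),
        "out: server reply": svi_out.forward("in", server, remote_host),
        # With the ACL IN, the server's reply (source 10.180.200.50) is what gets checked,
        # and it matches nothing but the implicit deny.
        "in: server reply": svi_in.forward("in", server, remote_host),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:30s} {verdict}")
```

The model makes the direction question explicit: the ACL inspects whichever packets cross the SVI in the chosen direction, so which keyword is right depends on which side of the SVI the 10.180.100.0/24 hosts and the server actually sit. Checking `show access-list` for hit counts on the permit entry is the quickest way to confirm on a real switch.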