10-11-2013 03:13 PM - edited 03-07-2019 03:59 PM
I'm having a strange problem, maybe someone can help. Here's the situation:
172.17.5.0/24 --- (Vlan2134) CAT-4948-10G (Vlan2139) ---- 172.18.0.0/16
interface Vlan2134
description TDP-TECH
ip address 172.17.5.253 255.255.255.0
interface Vlan2139
ip address 172.18.0.253 255.255.0.0
ip access-group LOCKS-IN in
ip access-group LOCKS-OUT out
I have a ping running, going from 172.17.5.162 to 172.18.0.22. Everything is fine, not sure why it's truncated, though.
$ ping 172.18.0.22
PING 172.18.0.22 (172.18.0.22) 56(84) bytes of data.
40 bytes from 172.18.0.22: icmp_req=1 ttl=63 (truncated)
40 bytes from 172.18.0.22: icmp_req=2 ttl=63 (truncated)
40 bytes from 172.18.0.22: icmp_req=3 ttl=63 (truncated)
^C
--- 172.18.0.22 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 2.055/2.106/2.149/0.053 ms
The ACLs are defined on the interface, but they haven't actually been configured. If my goal was to allow only these pings, and nothing else, wouldn't a reasonable ACL be something like this:
ip access-list extended LOCKS-IN
permit icmp 172.17.5.0 0.0.0.255 172.18.0.0 0.0.255.255 echo
ip access-list extended LOCKS-OUT
permit icmp 172.18.0.0 0.0.255.255 172.17.5.0 0.0.0.255 echo-reply
?
Because when I turn them on, I get this output on my ping:
40 bytes from 172.18.0.22: icmp_req=22 ttl=63 (truncated)
From 172.17.5.253 icmp_seq=36 Packet filtered
From 172.17.5.253 icmp_seq=38 Packet filtered
From 172.17.5.253 icmp_seq=43 Packet filtered
From 172.17.5.253 icmp_seq=48 Packet filtered
From 172.17.5.253 icmp_seq=53 Packet filtered
Does anybody know what's going on here?
This is the version:
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500-IPBASEK9-M), Version 15.0(2)SG7, RELEASE SOFTWARE (fc2)
Thanks,
Stephan
10-11-2013 04:20 PM
Stephan,
I think you need to reverse your access lists
You have
ip access-list extended LOCKS-IN
permit icmp 172.17.5.0 0.0.0.255 172.18.0.0 0.0.255.255 echo
ip access-list extended LOCKS-OUT
permit icmp 172.18.0.0 0.0.255.255 172.17.5.0 0.0.0.255 echo-reply
+++++++++++++++++++++
Try
ip access-list extended LOCKS-IN
permit icmp 172.18.0.0 0.0.255.255 172.17.5.0 0.0.0.255 echo-reply
ip access-list extended LOCKS-OUT
permit icmp 172.17.5.0 0.0.0.255 172.18.0.0 0.0.255.255 echo
The packets coming IN to the vlan interface will be sourced from 172.18.0.0/16
Regards,
Alex.
Please rate useful posts.
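The direction point Alex makes can be checked with a small model of how an extended ACL is evaluated on Vlan2139 (added example, not code from the thread or from Cisco): wildcard-mask matching, first-match with implicit deny, and "out" meaning the echo leaving the switch toward 172.18.0.0/16 while "in" is the echo-reply entering from it. The ACL text is taken from the posts; the function names are my own.

```python
import ipaddress

# Constructed from the thread: the original (wrong) and corrected ACLs.
ORIGINAL_IN = """ip access-list extended LOCKS-IN
permit icmp 172.17.5.0 0.0.0.255 172.18.0.0 0.0.255.255 echo"""
ORIGINAL_OUT = """ip access-list extended LOCKS-OUT
permit icmp 172.18.0.0 0.0.255.255 172.17.5.0 0.0.0.255 echo-reply"""
FIXED_IN = """ip access-list extended LOCKS-IN
permit icmp 172.18.0.0 0.0.255.255 172.17.5.0 0.0.0.255 echo-reply"""
FIXED_OUT = """ip access-list extended LOCKS-OUT
permit icmp 172.17.5.0 0.0.0.255 172.18.0.0 0.0.255.255 echo"""

def in_wildcard(ip, network, wildcard):
    """Cisco wildcard match: a set bit in the wildcard means 'don't care'."""
    ip_i = int(ipaddress.IPv4Address(ip))
    net_i = int(ipaddress.IPv4Address(network))
    wc_i = int(ipaddress.IPv4Address(wildcard))
    return (ip_i & ~wc_i) == (net_i & ~wc_i)

def parse_acl(text):
    """Parse 'permit|deny icmp SRC WC DST WC TYPE' lines; skip the header."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("permit", "deny"):
            continue
        action, _proto, src, src_wc, dst, dst_wc, icmp_type = parts[:7]
        entries.append((action, src, src_wc, dst, dst_wc, icmp_type))
    return entries

def acl_permits(entries, src, dst, icmp_type):
    """First matching entry decides; no match hits the implicit deny."""
    for action, nsrc, swc, ndst, dwc, kind in entries:
        if in_wildcard(src, nsrc, swc) and in_wildcard(dst, ndst, dwc) and kind == icmp_type:
            return action == "permit"
    return False

def ping_allowed(locks_in, locks_out, host, target):
    """Vlan2139 faces 172.18.0.0/16: the echo leaves the switch through it
    ('out'), the echo-reply enters through it ('in'). Both must pass."""
    out_ok = acl_permits(parse_acl(locks_out), host, target, "echo")
    in_ok = acl_permits(parse_acl(locks_in), target, host, "echo-reply")
    return out_ok and in_ok

if __name__ == "__main__":
    print("original:", ping_allowed(ORIGINAL_IN, ORIGINAL_OUT, "172.17.5.162", "172.18.0.22"))
    print("reversed:", ping_allowed(FIXED_IN, FIXED_OUT, "172.17.5.162", "172.18.0.22"))
```

With the original lists neither direction matches, so the echo is dropped on egress and the switch reports it as "Packet filtered"; with the lists reversed both directions are permitted and hosts outside 172.17.5.0/24 still hit the implicit deny.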
10-11-2013 05:02 PM
Not so strange, after all! Thanks Alex!