Hi,
I have an IP ACL applied to an SVI on a Nexus 7K, I understand that this is referred to as a 'router-acl'. My understanding is that this ACL should only apply to traffic going to/from a different subnet.
See Figure 11-2
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_ipacls.pdf
Why then do I see blocked 'intra' VLAN traffic?
N7K# sh logging ip access-list cache
Src IP Dst IP S-Port D-Port Src Intf Protocol Hits
------------------------------------------------------------------------------------------------
10.10.35.26 10.10.35.102 0 0 Ethernet4/30 (1)ICMP 3
10.10.35.26 10.10.35.1 0 0 Ethernet4/30 (1)ICMP 2
10.10.35.26 10.10.35.27 0 0 Ethernet4/30 (1)ICMP 4
10.10.35.26 10.10.190.1 0 0 Ethernet4/30 (1)ICMP 1
10.10.35.26 10.10.35.100 0 0 Ethernet4/30 (1)ICMP 4
Please can someone explain why 'intra' VLAN traffic is being blocked by a router-acl?
Many thanks!
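Added example (not part of the post above, and not Cisco code): a small Python parser for the `show logging ip access-list cache` table shown in the question that separates the logged hits into same-subnet and cross-subnet flows, which is the distinction the poster is trying to make. The sample text is the output copied from the post; the SVI subnet is an assumption (the post gives no mask, so 10.10.35.0/24 is a guess and should be replaced with the real one). The column layout and the `(1)ICMP` protocol format are taken from the output as shown.

```python
import ipaddress
import re
from typing import Dict, List, NamedTuple

# Sample output in the format of `show logging ip access-list cache`,
# copied from the post above and embedded here so the script runs offline.
SAMPLE_CACHE = """\
Src IP Dst IP S-Port D-Port Src Intf Protocol Hits
------------------------------------------------------------------------------------------------
10.10.35.26 10.10.35.102 0 0 Ethernet4/30 (1)ICMP 3
10.10.35.26 10.10.35.1 0 0 Ethernet4/30 (1)ICMP 2
10.10.35.26 10.10.35.27 0 0 Ethernet4/30 (1)ICMP 4
10.10.35.26 10.10.190.1 0 0 Ethernet4/30 (1)ICMP 1
10.10.35.26 10.10.35.100 0 0 Ethernet4/30 (1)ICMP 4
"""

# ASSUMPTION: the subnet of the SVI carrying the router ACL. The post does not
# state the mask; /24 is a guess and must be replaced with the real prefix.
SVI_SUBNET = ipaddress.ip_network("10.10.35.0/24")

# Protocol column looks like "(1)ICMP": IP protocol number in parentheses, then name.
_PROTO_RE = re.compile(r"^\((\d+)\)(\w+)$")


class AclHit(NamedTuple):
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: int
    dport: int
    intf: str
    proto_num: int
    proto_name: str
    hits: int


def parse_cache(text: str) -> List[AclHit]:
    """Parse the whitespace-separated hit table; header and separator lines are skipped."""
    rows: List[AclHit] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:          # header has 9 tokens, separator has 1, blanks have 0
            continue
        m = _PROTO_RE.match(fields[5])
        if m is None:
            continue                  # not a data row in the expected format
        rows.append(AclHit(
            src=ipaddress.ip_address(fields[0]),
            dst=ipaddress.ip_address(fields[1]),
            sport=int(fields[2]),
            dport=int(fields[3]),
            intf=fields[4],
            proto_num=int(m.group(1)),
            proto_name=m.group(2),
            hits=int(fields[6]),
        ))
    return rows


def is_intra_subnet(hit: AclHit, subnet: ipaddress.IPv4Network) -> bool:
    """True when both endpoints sit inside the SVI subnet, i.e. the flow never needed routing."""
    return hit.src in subnet and hit.dst in subnet


def summarize(hits: List[AclHit], subnet: ipaddress.IPv4Network) -> Dict[str, int]:
    """Count flows and packet hits on each side of the intra/inter-subnet split."""
    intra = [h for h in hits if is_intra_subnet(h, subnet)]
    inter = [h for h in hits if not is_intra_subnet(h, subnet)]
    return {
        "intra_flows": len(intra),
        "intra_hits": sum(h.hits for h in intra),
        "inter_flows": len(inter),
        "inter_hits": sum(h.hits for h in inter),
    }


if __name__ == "__main__":
    parsed = parse_cache(SAMPLE_CACHE)
    for h in parsed:
        kind = "intra" if is_intra_subnet(h, SVI_SUBNET) else "inter"
        print(f"{kind:5} {h.src} -> {h.dst} {h.proto_name} hits={h.hits} via {h.intf}")
    print(summarize(parsed, SVI_SUBNET))
```

Feeding the real cache output and the real SVI prefix into `parse_cache` and `summarize` gives a quick count of how many of the logged hits are same-subnet flows, which is the evidence to bring to TAC or to a config review rather than eyeballing the table.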