Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
0
Replies

Intra VLAN traffic blocked by SVI ACL

JW_UK
Level 1
Level 1

‎06-23-2016 08:50 AM - edited ‎03-08-2019 06:20 AM

Hi,

I have a IP ACL applied to a SVI on a Nexus 7K, I understand that this is referred to as a 'router-acl'. My understanding is that this ACL should only apply to traffic going to/from a different subnet.

See Figure 11-2

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_ipacls.pdf

Why then do I see blocked 'intra' VLAN traffic?

N7K# sh logging ip access-list cache

Src IP        Dst IP     S-Port    D-Port    Src Intf         Protocol           Hits

------------------------------------------------------------------------------------------------

10.10.35.26     10.10.35.102      0       0         Ethernet4/30 (1)ICMP               3

10.10.35.26     10.10.35.1        0       0         Ethernet4/30 (1)ICMP               2

10.10.35.26     10.10.35.27       0       0         Ethernet4/30 (1)ICMP               4

10.10.35.26     10.10.190.1       0       0         Ethernet4/30 (1)ICMP               1

10.10.35.26     10.10.35.100      0       0         Ethernet4/30 (1)ICMP               4

Please can someone explain why 'intra' VLAN traffic is being blocked by a router-acl?

Many thanks!

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card