03-28-2019 07:59 AM
!
interface Vlan304
 ip address 10.34.4.1 255.255.255.0
 ip helper-address 10.34.0.32
 no ip redirects
 ntp broadcast client
!
interface Vlan305
 description 5Th Floor Closet B
 ip address 10.34.5.1 255.255.255.0
 ip access-group SEC-SEGMENTATION-L1 out
 ip helper-address 10.34.0.32
 no ip redirects
 ntp broadcast client
!
Even though the ACL is applied out, the access is being blocked from vlan 304 to vlan 305 on the same switch.
03-28-2019 08:03 AM
Hi there,
It is probably the return traffic which is being blocked. Remember it is not a stateful firewall.
Care to share the contents of the ACL?
cheers,
Seb.
03-28-2019 03:08 PM
Hi,
Please note that an ACL applied outbound on the Vlan305 interface filters traffic to clients/machines on that vlan. Consequently your SEC-SEGMENTATION-L1 ACL filters traffic from anywhere (including Vlan304) to the Vlan305 clients/machines.
Best regards,
Antonin
03-28-2019 10:06 PM
Hi,
interface Vlan305
 ip access-group SEC-SEGMENTATION-L1 out
Here the word "OUT" is saying that any traffic which is going FROM VLAN 305 to 304 will be scanned and blocked if required.
"Even though the ACL is applied out, the access is being blocked from vlan 304 to vlan 305 on the same switch"
Something seems wrong in the ACL configuration.
Regards,
Deepak Kumar
03-29-2019 03:49 AM
03-29-2019 03:45 AM - edited 03-29-2019 03:47 AM
"Even though the ACL is applied out, the access is being blocked from vlan 304 to vlan 305 on the same switch."
Well, as Seb asked, without seeing your ACL, cannot say why it's happening. However, (as also noted by Antonin) traffic going to VLAN 305 ports would be subject to the "out", so traffic from VLAN 304 would be subject to the "out" ACL on VLAN 305. Also as noted by Seb, assuming there's two-way traffic between VLANs 304 and 305, the ACL on VLAN 305 will process at least one "direction" of that traffic. I.e. VLAN 304 to 305 would be processed by the ACL as would VLAN 305 to 304's return traffic.
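The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of stateless, first-match evaluation of an outbound ACL on a routed SVI. The thread never shows the real SEC-SEGMENTATION-L1, so both ACLs, the host addresses and all function names here are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Subnets taken from the posted config; only Vlan305 carries an ACL, applied "out".
SVIS = {"Vlan304": ip_network("10.34.4.0/24"), "Vlan305": ip_network("10.34.5.0/24")}

# Hypothetical ACL contents (assumption: the real ACL is not shown in the thread).
# Entry: (action, proto, src_net, dst_net, established_only)
ACL_STRICT = [("permit", "ip", "10.34.0.0/24", "10.34.5.0/24", False)]
ACL_WITH_ESTABLISHED = [("permit", "tcp", "0.0.0.0/0", "10.34.5.0/24", True)] + ACL_STRICT

# Constructed sample packets between one host in each VLAN.
NEW_304_TO_305 = {"src": "10.34.4.10", "dst": "10.34.5.20", "proto": "tcp", "flags": ("SYN",)}
NEW_305_TO_304 = {"src": "10.34.5.20", "dst": "10.34.4.10", "proto": "tcp", "flags": ("SYN",)}
REPLY_304_TO_305 = {"src": "10.34.4.10", "dst": "10.34.5.20", "proto": "tcp", "flags": ("SYN", "ACK")}

def egress_svi(dst):
    """SVI a routed packet leaves through, chosen by destination subnet."""
    return next((name for name, net in SVIS.items() if ip_address(dst) in net), None)

def acl_verdict(acl, pkt):
    """Stateless first-match evaluation that falls through to the implicit deny."""
    for action, proto, src, dst, established in acl:
        if proto not in ("ip", pkt["proto"]):
            continue
        if ip_address(pkt["src"]) not in ip_network(src):
            continue
        if ip_address(pkt["dst"]) not in ip_network(dst):
            continue
        if established and not ({"ACK", "RST"} & set(pkt["flags"])):
            continue  # "established" matches only TCP segments with ACK or RST set
        return action
    return "deny"

def forward(pkt, out_acls):
    """Verdict for a packet routed between SVIs; out_acls maps SVI name -> ACL."""
    acl = out_acls.get(egress_svi(pkt["dst"]))
    return acl_verdict(acl, pkt) if acl is not None else "permit"

if __name__ == "__main__":
    for label, acl in (("strict", ACL_STRICT), ("with established", ACL_WITH_ESTABLISHED)):
        acls = {"Vlan305": acl}
        print(label, [forward(p, acls) for p in (NEW_304_TO_305, NEW_305_TO_304, REPLY_304_TO_305)])
```

With the strict ACL, a connection opened from VLAN 305 leaves through Vlan304 unfiltered, but its replies are dropped on the way out of Vlan305, which from the client's side looks the same as the forward path being blocked.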