Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
424
Views
0
Helpful
3
Replies

Need helps about Access-list on interface Vlan!

truongthanhsang
Level 1
Level 1

‎10-21-2016 10:41 PM - edited ‎03-08-2019 07:53 AM

Hi community,

I have a switch stack Cisco 3850 run IOS-XE. On this stack, I have 3 interface Vlan: 8, 10 and 12. I have configured vlan  access-map for filtering traffic into Interface Vlan 10 and VLan 12. And I have configured an ACL for Interface VLan 8, and I applied out this ACL on interface vlan 8. But I have a problem with this ACL, it causes two workstations in this interface vlan 8 can not connect together. Please help me to resolve this problem. These configuration run all good on the switch Cisco 3560 with old IOS.

Thanks!

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎10-22-2016 07:33 AM

If two workstations are in vlan 8 they should be able to communicate with each other directly and should not need the switch to communicate. If applying the ACL to the vlan interface does prevent their communication it suggests that something is not configured correctly such as an incorrect mask on the hosts that makes them believe that they need a gateway to communicate. Can you post the output of ipconfig (or similar command if they are not Windows) from both PC and also the config of the switch?

HTH

Rick

HTH

Rick
0 Helpful

truongthanhsang
Level 1
Level 1
In response to Richard Burts

‎10-23-2016 08:14 PM

Hi Rick,

The subnet mask and gateway on two workstations are the same. Here is the some configuration that relate this vlan

interface Vlan8
ip address 172.16.8.254 255.255.255.0
ip access-group DVL8 out
!
ip access-list extended DVL8
permit ip 172.16.1.0 0.0.0.255 172.16.8.0 0.0.0.255
permit ip 172.17.0.0 0.0.255.255 172.16.8.0 0.0.0.255
permit ip 172.16.10.0 0.0.0.255 172.16.8.0 0.0.0.255
deny ip any any

!

Thanks and Best Regards,

Sang Truong

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to truongthanhsang

‎11-01-2016 01:53 PM

Sang Truong

Sorry for delayed response but things have been very busy. Thank you for the additional information. Am I correct that you are saying that with this config that two hosts that are in vlan 8 are no longer able to communicate with each other? I do not see anything in this config that would explain this issue. Please provide information about how these hosts are configured.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card