Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
417
Views
0
Helpful
3
Replies

problem with VACL

mohammed alsaadi
Level 1
Level 1

‎04-13-2016 02:26 AM - edited ‎03-08-2019 05:20 AM

HI

I’m try to apply VACL on a switch 3560-c, the configuration as the following

 

**********************************************************************************

Building configuration...

 

Current configuration : 1276 bytes

!

! Last configuration change at 00:35:46 UTC Mon Jan 2 2006

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

!

vtp mode transparent

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan access-map map 10

 match ip address 100

 action forward

vlan access-map map 20

 action drop

!

vlan filter map vlan-list 1

vlan internal allocation policy ascending

!

vlan 100-103,110,200

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

 ip address 10.10.10.100 255.255.255.0

!

ip http server

ip http secure-server

!

!

ip access-list extended valn1

 permit ip host 10.10.10.10 host 10.10.10.20

 permit ip host 10.10.10.20 host 10.10.10.10

!

!

!

line con 0

line vty 5 15

!

end

**************************************************************

 

 

 

When I ping from 10.10.10.10 to 10.10.10.20,it success for approx.  5minutes then  "requset time out "

 

 

Please I need help

Labels:
0 Helpful
3 Replies 3

dukenuk96
Level 3
Level 3

‎04-22-2016 01:59 AM

Hi

configuration seems correct, try to enable logging for drops, if it does not reveal anything, run sniffer on both machines and look what happens when timeouts come back.

0 Helpful

paul driver
VIP
VIP

‎04-22-2016 02:59 AM

Hello

You extended ACL isn't being called in the VACL

vlan access-map map 10

 match ip address 100

ip access-list extended valn1


res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

mohammed alsaadi
Level 1
Level 1
In response to paul driver

‎04-22-2016 03:22 AM

Dear Paul

you right , i correct it but that is not solving the problem .

i did some search , i found that i need to add mac access-list 

permit any any 0x0806 0x0000
permit any any lsap 0xAAAA 0x0000

and add it in vlan access map , with this lines there is no problem

for more look at this 

http://cauew.blogspot.com/2008/08/vacl-vlan-maps-mac-acl.html?m=1

thanks all

0 Helpful
Customers Also Viewed These Support Documents