Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10171
Views
20
Helpful
16
Replies

Simple Nexus Access List Question

hayesa
Level 1
Level 1

‎06-01-2018 11:09 AM - edited ‎03-08-2019 03:13 PM

Hello,

 

I am running nxos 7.0(3)I7(3) and I'm confused on why I can't get a simple access list to work.

Maybe it's my unfamiliarity with the Nexus OS.

I am trying to block ICMP ping requests with the following:

 

ip access-list TEST
10 deny icmp any any

 

interface Ethernet1/1
ip port access-group TEST in
no switchport
ip address x.x.x.x/x
ip router eigrp xxxxx
no shutdown

 

 

I'm having absolutely no luck. Any ideas?

 

-Austin

Labels:
0 Helpful
16 Replies 16

sdekooter
Level 1
Level 1
In response to hayesa

‎02-25-2019 07:13 AM

Did you get any usefull responses from the TAC?

I run into the exact same issue with same NXOS version.. in my case 

ip access-list match-local-traffic

worked around it though, thanks @Peter Paluch !

0 Helpful

wj343
Level 1
Level 1
In response to hayesa

‎05-16-2020 01:39 PM

Were you able to get a resolution from TAC regarding this issue?

 

I'm experiencing similar symptoms with my N3k switch. I tried adding "ip access-list match-local-traffic", but that only partially works:

  • ICMP is blocked when the ACL is applied as a RACL on the SVI
  • Other services (snmp, bgp, ntp, etc.) are not blocked correctly when applied as a RACL on the SVI
  • ICMP is not blocked correctly when the ACL is applied as a PACL on the L2 port (counters are incremented though)
  • Similarly, other services are not blocked correctly when the ACL is applied as a PACL
0 Helpful
Customers Also Viewed These Support Documents