Below is my ACL, applied to the interface inbound. Catalyst 2960CX. The first line was intended to allow DHCP. The second is intended to create host isolation. The host connected on this interface has an IP that is part of the network described in li...
Thank you so much for sticking with it. I have been thinking wrong about inbound and outbound, wow. I understand now and it's one of those moments where the light bulb finally turns on. In my mind the acl was applying inbound to the sw from upstream, ...
I'm sorry, I'm not sure what you are getting at. The purpose of the dacl is to deny clients on this network from talking to each other, but still able to have internet connectivity.
Thanks for the reply. But still if IPDT is changing the any in the source to the IP of the client, then that line would look like this, correct:
deny ip host 172.18.32.20 172.18.32.0 0.0.0.255
and as I see it that would not match any traffic inbound on...
Yes I can elaborate and thank you for the replies. I have been testing with 3 clients all on this same network.
Laptop 1: 172.18.32.10
Laptop 2: 172.18.32.20
Printer: 172.18.32.30
Before pushing the dacl from radius (Clearpass not ISE) all clients can ...
So the other detail: it is a dacl coming from a radius server. I was forced to use "any" as the source in all lines, the switch rejected it otherwise saying "provisioning failed, reason: source not any". I've been reading some more but I am not clea...