Access list on Cisco 3750

#1 ANILSHARMA

Posted 21 August 2013 - 09:53 PM

Guys -

I have a stack of switches (3750) that have multiple VLANs on them. One of the VLANs has an access list applied to it in the "in" direction. The ACL has the following entries. The VLAN is numbered 101.

access-list 101 deny tcp any host 10.211.11.131
access-list 101 deny tcp any host 19.87.106.29
access-list 101 permit tcp any any

But it is not working, please help.

If we apply it to a single VLAN then it's working.

Thanks!

#2 martinlo

Posted 22 August 2013 - 06:31 AM

What does or does not work? Or what traffic do you need to block? There is also a VLAN ACL, aka VACL; maybe that's what you need?

#3 The Wizard of id

Posted 14 February 2014 - 10:28 AM

Access lists on VLANs do not work in the same way as on interfaces. Indeed, they work almost the opposite way.

If you apply an access list "in" on an interface it inspects traffic entering the switch/router; likewise, applying it as "out" inspects outbound traffic for interesting traffic and permits and denies accordingly.

On VLANs, the ACL applied "in" actually inspects traffic leaving the VLAN and heading off to wherever it's routed. Applying an ACL "out" will inspect traffic coming in to it from other locations.

Confusing, I know, not my decision and I don't know why Cisco wouldn't change this!
