ANILSHARMA

Access list on Cisco 3750

3 posts in this topic

Guys -

I have a stack of switches (3750) that have multiple VLANs on them. One of the VLANs has an access list applied to it in the "in" direction. The ACL has the following entries. The VLAN is numbered 101.
access-list 101 deny tcp any host 10.211.11.131
access-list 101 deny tcp any host 19.87.106.29
access-list 101 permit tcp any any
But it is not working, please help.

If we apply a single VLAN, then it's working.


Thanks!

 


What does or does not work? Or what traffic do you need to block? There is also a VLAN ACL, aka VACL; maybe that's what you need?


Access lists on VLANs do not work in the same way as on interfaces. Indeed, they work almost opposite.

 

If you apply an access list "in" on an interface, it inspects traffic entering the switch/router; likewise, applying it as "out" inspects outbound traffic for interesting traffic and permits and denies accordingly.

 

On VLANs, the ACL applied "in" actually inspects traffic leaving the VLAN and heading off to wherever it's routed. Applying an ACL "out" will inspect traffic coming in to it from other locations.

 

Confusing I know, not my decision and I don't know why Cisco wouldn't change this!
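
The direction rule from the reply above, applied to the three entries in the first post, as an added example that is not part of the thread and is not Cisco code. The VLAN 101 subnet (10.101.0.0/24) and the sample packets are constructed assumptions, and the parser handles only the entry shape shown in the thread.

```python
import ipaddress

# The three entries from the original post, verbatim.
ACL_101 = """\
access-list 101 deny tcp any host 10.211.11.131
access-list 101 deny tcp any host 19.87.106.29
access-list 101 permit tcp any any
"""

# Assumption (constructed): the subnet behind the VLAN 101 interface.
VLAN101_NET = ipaddress.ip_network("10.101.0.0/24")


def parse_acl(text):
    """Parse 'access-list N ACTION PROTO any (any | host A)' entries only."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[4] != "any":
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, dst = tok[2], tok[3], tok[5:]
        if dst == ["any"]:
            dst_net = ipaddress.ip_network("0.0.0.0/0")
        elif len(dst) == 2 and dst[0] == "host":
            dst_net = ipaddress.ip_network(dst[1] + "/32")
        else:
            raise ValueError(f"unsupported destination: {line!r}")
        rules.append((action, proto, dst_net))
    return rules


def match_acl(rules, proto, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, r_proto, dst_net in rules:
        if r_proto in (proto, "ip") and ipaddress.ip_address(dst) in dst_net:
            return action
    return "deny (implicit)"


def svi_in_verdict(rules, proto, src, dst):
    """Verdict for the ACL applied 'in' on the VLAN interface."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip not in VLAN101_NET:
        return "not evaluated (arrives from elsewhere: that is 'out')"
    if dst_ip in VLAN101_NET:
        return "not evaluated (bridged inside the VLAN, never routed)"
    return match_acl(rules, proto, dst)
```

With these entries, TCP from a VLAN 101 host to 10.211.11.131 is denied, other routed TCP is permitted, and routed UDP or ICMP falls through to the implicit deny because the only permit is for TCP.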
