Guys, please, I want help regarding applying an ACL on the circuit.
I have two VLANs trunked into the CSS. I want to permit only port 1080 from, let's say, VLAN1 to VLAN2,
but when applying the clauses to VLAN1 only or VLAN2 only, the ACL is not working (I mean a server in VLAN1 can still ping a server in VLAN2).
BUT I tried to apply it on both VLAN1 and VLAN2 and it's working fine!!!!!
I'm totally lost and confused... I just tried it as a last try and it worked!!
Please, can anybody tell me the logic of applying the ACL to the VLAN circuit? Where? Near the source or near the destination??
The ACL needs to be applied on VLAN 2073, but you need to create a second ACL on VLAN 2074 with a permit any any statement. As per the configuration you sent me, the ACL seems properly configured, except that VLAN 2074 is on ACL 1.
Leave ACL 1 as it is but remove the line "apply circuit-(VLAN2074)" (use the command "remove circuit-(VLAN2074)").
Then create an ACL 2 that looks like this:
clause 17 permit any any destination any
Then, do not forget to enable the ACLs globally on the CSS with this command: "(config)#acl enable"
One thing to remember: if you are doing a telnet to the CSS, make sure that your source IP is not on VLAN 2073 when you enable the ACLs globally, or you will be disconnected. Also, try not to do this in production. Thanks!