VACL's configuration not working properly

Answered Question
Sep 22nd, 2008

Hello,

I'm new to VACLs. I have the following configured but it's not working:

ip access-list extended chris_codomino1
 permit ip host 172.16.14.59 host 10.1.1.10
ip access-list extended grant_all
 permit ip any any
ip access-list extended no_access_codomino1
 deny ip any host 10.1.1.10
vlan access-map ABC123 10
 match ip address chris_codomino1
 action forward
vlan access-map ABC123 20
 match ip address no_access_codomino1
 action drop
vlan access-map ABC123 30
 match ip address grant_all
 action forward
!
vlan filter codomino1 vlan-list 4

What I thought it should do is allow IP 172.16.14.59 access to 10.1.1.10 but deny all other access to this server and then allow all other traffic to flow to/from vlan 4.

Can someone tell me what I'm doing wrong?

Thanks

Mike

Overall Rating: 5 (1 ratings)
Correct Answer
dgroscost Mon, 09/22/2008 - 12:37

Change your 'ip access-list extended no_access_codomino1' to PERMIT ip any host 10.1.1.10. You are only selecting traffic patterns to match in the access-list; the class maps/action syntax will handle the actual drop or discarding of traffic.

That should resolve the issue.
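
The following is an added example, not part of either post: a small Python model of how the access-map in the question is evaluated, run against the posted ACLs and against the ACLs with the answer's change. It assumes the usual VACL behaviour that a clause selects a packet only when its ACL permits it, that a deny ACE sends the packet on to the next sequence, and that unmatched IP traffic is dropped. The function names and the sample addresses 172.16.14.60 and 10.1.1.20 are made up for illustration.

```python
import ipaddress

# Constructed model of the ACLs in the question: (action, source, destination).
ANY = "0.0.0.0/0"
ACLS_POSTED = {
    "chris_codomino1": [("permit", "172.16.14.59/32", "10.1.1.10/32")],
    "no_access_codomino1": [("deny", ANY, "10.1.1.10/32")],
    "grant_all": [("permit", ANY, ANY)],
}
# The answer's change: the ACL only selects traffic, so it must say permit.
ACLS_FIXED = dict(ACLS_POSTED,
                  no_access_codomino1=[("permit", ANY, "10.1.1.10/32")])

# Access-map clauses in sequence order: (sequence, ACL name, action).
ACCESS_MAP = [
    (10, "chris_codomino1", "forward"),
    (20, "no_access_codomino1", "drop"),
    (30, "grant_all", "forward"),
]

def acl_selects(aces, src, dst):
    """True only if the first matching ACE is a permit; a deny ACE or the
    ACL's implicit deny means this clause does not select the packet."""
    for action, src_net, dst_net in aces:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net)):
            return action == "permit"
    return False

def vacl_verdict(acls, src, dst):
    """Walk the clauses in order; the first clause whose ACL selects the
    packet decides. Unmatched IP traffic is dropped (assumed map default)."""
    for seq, acl_name, action in ACCESS_MAP:
        if acl_selects(acls[acl_name], src, dst):
            return seq, action
    return None, "drop"

if __name__ == "__main__":
    # Constructed sample flows: allowed client, another host, unrelated traffic.
    flows = [("172.16.14.59", "10.1.1.10"), ("172.16.14.60", "10.1.1.10"),
             ("172.16.14.60", "10.1.1.20")]
    for src, dst in flows:
        print(src, "->", dst, "posted:", vacl_verdict(ACLS_POSTED, src, dst),
              "fixed:", vacl_verdict(ACLS_FIXED, src, dst))
```

With the posted ACLs, traffic from any other host to 10.1.1.10 falls through sequence 20 and is forwarded by sequence 30; with the permit in place, sequence 20 selects it and drops it.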
