C4K ACLs

Unanswered Question
Jun 4th, 2009

I'm trying to apply an ACL to an access-layer interface on a Catalyst 4500 running 12.2(50)SG


The ACL looks emphatic to me ... but in fact, it has no effect on traffic -- the end-station attached to this interface is unaffected and can ping, query DNS, etc.


test-esx#sh ip access-list block-all
Standard IP access list block-all
    10 deny any
test-esx#


test-esx#sh run int Gi4/48
Building configuration...

Current configuration : 199 bytes
!
interface GigabitEthernet4/48
 switchport access vlan 74
 switchport mode access
 ip access-group block-all in
 ip access-group block-all out
 spanning-tree portfast
 spanning-tree guard none
end

test-esx#


Is this function supported? i.e. would we expect a C4K to be able to filter IP traffic on physical interfaces?


--sk


Stuart Kendrick

FHCRC

cisco_lad2004 Thu, 06/04/2009 - 09:39

Stuart,


Is there another ACL applied for VLAN 74? AFAIK MAC ACLs will take precedence over an L3 ACL if both are configured at the same time.


Sam
