C4K ACLs

Unanswered Question
Jun 4th, 2009

I'm trying to apply an ACL to an access-layer interface on a Catalyst 4500 running 12.2(50)SG

The ACL looks emphatic to me ... but in fact, it has no effect on traffic -- the end-station attached to this interface is unaffected and can ping, query DNS, etc.

test-esx#sh ip access-list block-all

Standard IP access list block-all

10 deny any

test-esx#

test-esx#sh run int Gi4/48

Building configuration...

Current configuration : 199 bytes

!

interface GigabitEthernet4/48

switchport access vlan 74

switchport mode access

ip access-group block-all in

ip access-group block-all out

spanning-tree portfast

spanning-tree guard none

end

test-esx#

Is this function supported? i.e. would we expect a C4K to be able to filter IP traffic on physical interfaces?

--sk

Stuart Kendrick

FHCRC

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cisco_lad2004 Thu, 06/04/2009 - 09:39

Stuart,

Is there another ACL applied for VLAN 74 ? AFAIK MAC ACLs will take precedence over L3 ACL if both configured at same time.

Sam

Actions

This Discussion