06-04-2009 08:59 AM - edited 03-06-2019 06:06 AM
I'm trying to apply an ACL to an access-layer interface on a Catalyst 4500 running 12.2(50)SG.
The ACL looks emphatic to me ... but in fact, it has no effect on traffic -- the end-station attached to this interface is unaffected and can ping, query DNS, etc.
test-esx#sh ip access-list block-all
Standard IP access list block-all
    10 deny any
test-esx#
test-esx#sh run int Gi4/48
Building configuration...
Current configuration : 199 bytes
!
interface GigabitEthernet4/48
 switchport access vlan 74
 switchport mode access
 ip access-group block-all in
 ip access-group block-all out
 spanning-tree portfast
 spanning-tree guard none
end
test-esx#
Is this function supported? i.e. would we expect a C4K to be able to filter IP traffic on physical interfaces?
--sk
Stuart Kendrick
FHCRC
06-04-2009 09:39 AM
Stuart,
Is there another ACL applied for VLAN 74? AFAIK MAC ACLs will take precedence over L3 ACLs if both are configured at the same time.
Sam
06-04-2009 10:30 AM
Ah, turns out my error ... wrong interface. --sk