06-24-2009 10:37 PM - edited 03-06-2019 06:26 AM
I have created one vlan500 (GW 10.13.109.1) and it is active.
I defined one access-list group like below:
ip access-list extended GUEST_ACCESS
 deny ip 10.12.0.0 0.0.255.255 any
 deny ip 10.146.0.0 0.0.255.255 any
 deny ip 10.15.0.0 0.0.255.255 any
 deny ip 10.24.0.0 0.0.255.255 any
 deny ip 10.10.0.0 0.0.255.255 any
 deny ip 10.18.0.0 0.0.7.255 any
 deny ip 10.17.0.0 0.0.15.255 any
 deny ip 10.16.0.0 0.0.0.255 any
I applied the above access group to vlan500, but I am still able to ping from this VLAN to the above denied networks (I am trying extended ping).
This is strange to me. Experts, can anybody help me please?
Regards,
Naidu.
06-24-2009 10:55 PM
Hello Naidu,
In what direction have you applied this ACL?
inbound
ip access-group GUEST_ACCESS in
or outbound
ip access-group GUEST_ACCESS out
This could explain what you see.
If the ACL is applied outbound, it means towards the core, not towards users in the VLAN, and those source IP subnets don't appear as sources but as destinations.
Hope to help
Giuseppe
06-24-2009 11:01 PM
Hi Giuseppe,
Thanks for your quick response.
I tried both ways, in and out, but it is still not working, and this is what seems strange to me.
Regards,
Naidu.
06-24-2009 11:09 PM
Hi Naidu,
The ACL that you applied to the VLAN interface is effective only for traffic traversing the switch or router.
Traffic generated by the switch is not affected by this ACL when the ACL is applied outbound.
So if you originate pings from the same switch where you applied the ACL to the VLAN interface, the pings are generated by the switch itself.
So the ACL will not filter that traffic.
Try generating pings (traffic) on a different device so the traffic traverses this switch but is not originated on this switch.
Cheers:
Istvan
06-24-2009 11:09 PM
Hi Naidu,
Did you try to ping from your PC when connected to vlan 500 instead of from the switch? I suppose you ping from the switch via source interface?
Did you test with reversing destination and source in your ACL?
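The source/destination point raised in the replies, as an added example that is not part of the original thread: a small Python model of first-match ACL evaluation with wildcard masks, run over the GUEST_ACCESS entries as posted and over a version with source and destination swapped. The host addresses and the trailing permit entry are assumptions made for the illustration, and the model covers only traffic transiting the interface, not pings originated on the switch itself.

```python
import ipaddress

# Networks and wildcard masks exactly as listed in GUEST_ACCESS in the thread.
NETS = [
    ("10.12.0.0", "0.0.255.255"), ("10.146.0.0", "0.0.255.255"),
    ("10.15.0.0", "0.0.255.255"), ("10.24.0.0", "0.0.255.255"),
    ("10.10.0.0", "0.0.255.255"), ("10.18.0.0", "0.0.7.255"),
    ("10.17.0.0", "0.0.15.255"), ("10.16.0.0", "0.0.0.255"),
]
ANY = ("0.0.0.0", "255.255.255.255")

# "deny ip <net> <wildcard> any": the listed networks are the SOURCE field.
AS_WRITTEN = [("deny", net, ANY) for net in NETS]
# Source and destination swapped, as suggested in the last reply.
# The closing "permit ip any any" is an assumption, not taken from the thread.
REVERSED = [("deny", ANY, net) for net in NETS] + [("permit", ANY, ANY)]

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask semantics: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """First matching entry wins; returns (action, entry number or None)."""
    for line, (action, s, d) in enumerate(acl, 1):
        if wildcard_match(src, *s) and wildcard_match(dst, *d):
            return action, line
    return "deny", None  # implicit "deny ip any any" ending every ACL

GUEST = "10.13.109.50"   # constructed host behind the VLAN 500 gateway
INTERNAL = "10.12.1.1"   # constructed host inside the first denied network
OUTSIDE = "192.0.2.10"   # constructed host outside all listed networks

if __name__ == "__main__":
    for name, acl in (("as written", AS_WRITTEN), ("reversed", REVERSED)):
        print(name)
        print("  guest -> internal:", evaluate(acl, GUEST, INTERNAL))
        print("  guest -> outside: ", evaluate(acl, GUEST, OUTSIDE))
        print("  internal -> guest:", evaluate(acl, INTERNAL, GUEST))
```

With the entries as posted, no listed line ever matches a packet sourced from the guest host; such packets only reach the implicit deny, while the listed lines match traffic coming back from the internal networks.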