Solved: WAAS IP ACL not matching traffic

markus.schwaiger · ‎11-04-2013

Hi,

i'm trying to configure some ip access-lists on a WAAS but it seems that it's not matching the traffic.

interface InlineGroup 1/0

inline vlan all

ip access-group test in

exit

ip access-list extended test

deny icmp any any

exit

Im still able to ping wherever i want.

Any ideas? Or is it not possible to handle traffic with ACLs like that on WAAS?

Thanks,

Markus

rajsures · ‎11-05-2013

Hi Markus,

Interface ACL—Applied on the built-in, port channel, standby, and inline group interfaces. This type of ACL is intended to control management traffic (Telnet, SSH, and Central Manager GUI). The ACL rules apply only to traffic that is destined for the WAE or originates from the WAE, not WCCP transit traffic. Use the

ip access-group interface configuration command to apply an interface ACL.

As explained above the ACL rule apply only to traffic destined to the WAE or originated from the WAE and not for transit traffic. Hope this helps.

Thanks,

Rajesh

View solution in original post

rajsures · ‎11-05-2013

Hi Markus,

Interface ACL—Applied on the built-in, port channel, standby, and inline group interfaces. This type of ACL is intended to control management traffic (Telnet, SSH, and Central Manager GUI). The ACL rules apply only to traffic that is destined for the WAE or originates from the WAE, not WCCP transit traffic. Use the

ip access-group interface configuration command to apply an interface ACL.

As explained above the ACL rule apply only to traffic destined to the WAE or originated from the WAE and not for transit traffic. Hope this helps.

Thanks,

Rajesh

markus.schwaiger · ‎11-05-2013

Thanks Rajesh,

thanks for the explanation. Thats the info i was searching for.

Best,

Markus