Is vlan 599 the vlan where 10.2.2.2 lives or 10.1.1.1?
If it is 10.2.2.2 then your access-list applied on the vlan 599 interface inbound will have no effect, ie. your access-list says permit ip (presumably) from 10.1.1.1 to 10.2.2.2.
If vlan 599 is the vlan for 10.1.1.1 then it will work fine. But if vlan 599 is the vlan for 10.2.2.2 then it will actually block the return traffic, and it will do this because of the implicit deny at the end of access-list 180, because the return traffic is source 10.2.2.2 destination 10.1.1.1, which doesn't match "access-list 180 permit ip host 10.1.1.1 host 10.2.2.2". However there is an implicit deny at the end of access-list 180 so it will be dropped.
So if vlan 599 is the vlan for 10.2.2.2 you need to apply acl 180 inbound on the vlan interface that connects to 10.1.1.1.
1) No you don't, because ACL 180 is only applied inbound on interface vlan 599. So when the return traffic comes back from 10.2.2.2 it will be outbound traffic on vlan 599, and as you don't have an acl in the outbound direction you will be fine.
2) Do you mean 10.2.2.3 and not 10.2.2.2? Because I thought you wanted to allow traffic to and from 10.2.2.2.
if all your access-list 180 says is
access-list 180 permit ip host 10.1.1.1 host 10.2.2.2
then you have an implicit deny at the end of the acl so in effect all traffic from vlan 599 will be blocked except traffic from 10.1.1.1 to 10.2.2.2.
If this is not what you want
access-list 180 deny ip host 10.1.1.1 host 10.2.2.3
access-list 180 permit ip any any
ie. only stop traffic from vlan 599 to 10.2.2.3.
If you want to actually stop 10.2.2.3 from initiating a connection to 10.1.1.1 then
access-list 181 deny ip host 10.2.2.3 host 10.1.1.1
access-list 181 permit ip any any
then apply to interface that 10.2.2.3 lives on eg.
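
Added example, not part of the original thread: a small Python model of first-match ACL evaluation with the implicit deny, showing how the outcome for return traffic depends on which host's VLAN the inbound ACL is applied to. VLAN 598 and the function names are assumptions made for illustration; only inbound ACLs are modelled.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def host(addr):
    """Equivalent of the 'host x.x.x.x' keyword: a /32 match."""
    return ip_network(addr + "/32")

# (action, source, destination) for the "ip" entries quoted in the thread.
ACL_180 = [("permit", host("10.1.1.1"), host("10.2.2.2"))]
ACL_180_ALT = [("deny", host("10.1.1.1"), host("10.2.2.3")),
               ("permit", ANY, ANY)]

def evaluate(acl, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return action
    return "deny"

def route(src, dst, host_vlan, inbound_acls):
    """Route one packet: it is checked only against the ACL applied
    inbound on the VLAN interface of the sending host."""
    acl = inbound_acls.get(host_vlan[src])
    if acl is None:
        return "forwarded"
    return "forwarded" if evaluate(acl, src, dst) == "permit" else "dropped"

def round_trip(client, server, host_vlan, inbound_acls):
    """Return (forward result, return-traffic result)."""
    return (route(client, server, host_vlan, inbound_acls),
            route(server, client, host_vlan, inbound_acls))

# Constructed topologies; VLAN 598 is a hypothetical second VLAN.
CLIENT_ON_599 = {"10.1.1.1": 599, "10.2.2.2": 598, "10.2.2.3": 598}
SERVER_ON_599 = {"10.1.1.1": 598, "10.2.2.2": 599, "10.2.2.3": 599}

if __name__ == "__main__":
    for name, topo in (("10.1.1.1 on vlan 599", CLIENT_ON_599),
                       ("10.2.2.2 on vlan 599", SERVER_ON_599)):
        result = round_trip("10.1.1.1", "10.2.2.2", topo, {599: ACL_180})
        print(name, "-> forward/return:", result)
```
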