Not sure what you are asking here; it looks like it is working OK. You are getting hits on the deny statements for the 2 networks and you are permitting everything else. How do you know traffic from those 2 networks is not being blocked?
That's pretty well what he did, isn't it? Except he wants to deny those subnets access to anything at all.
There are several ways the traffic could be getting round the access lists. Are there any other switches or routers on the (layer-2) VLAN? Could they be using those as a gateway instead?
Or maybe even there is one of those hosts that is connected to a port that isn't on that VLAN at all. He would still be able to source from those addresses, even if the routers wouldn't know where to send his replies. That sort of thing can be traced by tracking down the MAC address.
By the way, don't place too much confidence in the packet counts on the deny lines. I can recount my experience with a 4500 switch, where the access list also counted packets that were not addressed through the gateway, but which were supposed to be switched purely at layer-2 within the VLAN. Something to do with the ASIC design.