acl for traffic!

fly · ‎03-18-2007

r1----(G1)6509(VLAN10)------computer

i config acl (deny any any)apply to interface vlan10 on 6509, whatever in or out, I found i can ping vlan 10 interface ip address from R1.

But i can't ping vlan 10 interface ip address in 6509.

how can i config acl to block traffic from r1 to reach interface vlan 10 on 6509.

I don't like place acl in G1 interface.

how can I block traffic originated with 6509 to reach interface vlan 10 interface ip address or computer below it!

thank you!

Amit Singh · ‎03-18-2007

Do you want to block the traffic with in the Vlan 10. Please explain it again.

-amit singh

flashsplash · ‎03-19-2007

and paste ur config pls...

ciao flash

fly · ‎03-19-2007

r1----(g1)6509(vlan10)-----computer

i want block traffic from r1 to computer in vlan 10.

I know i can config acl on interface g1. But customer don't agree.

i config one acl ,and apply to interface vlan 10 on 6509. both in and out

acl is simple deny ip any any.

I found i can ping vlan 10 interface ip address from r1.

but i can't ping vlan 10 interface ip address in 6509 .

customer want block traffic from r1 to vlan 10 and also not reach vlan 10 interface ip address.

how can i do this, if i can't apply acl on interface G1.

thank you!