We plan to implement ACLs on L3 VLANs on 6509 switches. I have set up a lab on a 3750 with the output below:
ip address 192.168.1.10 255.255.255.0
ip access-group test in
ip address 192.168.2.10 255.255.255.0
Extended IP access list test
10 permit ip host 192.168.1.3 host 192.168.2.1 (3 matches)
50 deny ip any any (143 matches)
After implementing the ACL, 192.168.1.3 can speak to 192.168.2.1. On the other hand, connections initiated from 192.168.2.1 directed to 192.168.1.3 are also working. Is there a way we can implement only one-way traffic using ACLs on L3 VLANs?
What are you trying to do? Here's what I see from your ACL:
Permit communication from 192.168.1.3 to 192.168.2.1. Deny to everything else, but on the VLAN for 192.168.2.0/24 you don't have an access list. If you ping from 192.168.2.1 to 192.168.1.3, you'll still get a response because 192.168.1.3 is allowed to talk to that box. On the other hand, if you were to try to ping from another host, 192.168.2.50, you should get dropped packets from the ACL on your vlan361 SVI.
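The behaviour described in the reply above, as an added example that is not part of either post: a small Python model of a stateless inbound ACL, using the addresses and ACL entries from the question. The SVI labels and function names are assumptions made for this model, and it only covers traffic routed between the two subnets.

```python
import ipaddress

# ACL "test" as shown in the post: (sequence, action, source, destination); None = any
ACL_TEST = [
    (10, "permit", "192.168.1.3", "192.168.2.1"),
    (50, "deny", None, None),
]

# Inbound ACL per SVI. Only the 192.168.1.0/24 SVI has one (ip access-group test in).
# The SVI names are labels invented for this model.
SVIS = {
    "svi-192.168.1.0": {"net": ipaddress.ip_network("192.168.1.0/24"), "acl_in": ACL_TEST},
    "svi-192.168.2.0": {"net": ipaddress.ip_network("192.168.2.0/24"), "acl_in": None},
}

def ingress_svi(src):
    """Return the SVI a routed packet enters on, chosen by its source subnet."""
    addr = ipaddress.ip_address(src)
    for name, svi in SVIS.items():
        if addr in svi["net"]:
            return name
    raise ValueError(f"{src} is not on a modelled VLAN")

def forward(src, dst):
    """Evaluate one packet statelessly; return (forwarded?, matching sequence or None)."""
    acl = SVIS[ingress_svi(src)]["acl_in"]
    if acl is None:
        return True, None          # no inbound ACL on the ingress SVI
    for seq, action, a_src, a_dst in acl:
        if a_src in (None, src) and a_dst in (None, dst):
            return action == "permit", seq
    return False, None             # implicit deny at the end of every ACL

def ping(src, dst):
    """A ping succeeds only if the echo request and the echo reply are both forwarded."""
    request_ok, _ = forward(src, dst)
    reply_ok, _ = forward(dst, src)
    return request_ok and reply_ok

if __name__ == "__main__":
    for src, dst in [("192.168.1.3", "192.168.2.1"), ("192.168.2.1", "192.168.1.3"),
                     ("192.168.2.50", "192.168.1.3")]:
        print(f"ping {src} -> {dst}: request={forward(src, dst)} reply={forward(dst, src)}")
```

The ACL has no notion of who opened the conversation: it matches each packet on source and destination alone, so a reply from 192.168.1.3 to 192.168.2.1 hits entry 10 exactly as a new connection would.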