The access lists as you have configured them - your access list 1 permits 192.168.1.0 but does not permit anything else. So VLAN 3 is denied from communicating with VLAN 2 already and you may not need access list 2. But access list 2 as you have configured it will explicitly deny 192.168.2.0 and then the implicit deny will deny everything else. So if you apply access list 2 as configured it will have the result of denying ALL traffic.
The question of where to place access lists can become complicated. When dealing with standard access lists it is generally best practice to place them as close to the destination as is possible, which would usually mean on every switch rather than just on the core. If you configure extended access lists it may be more practical to place them on the core.
If you apply the access list to VLAN 2 interface then the only traffic that it affects is traffic going through the VLAN 2 interface. It may have statements for addresses of various other VLANs but unless the traffic is passing through the VLAN 2 interface it will not be impacted by the access list.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...