VACL's configuration not working properly

MICHAEL CICCONE
Level 1

Hello,

I'm new to VACLs. I have the following configured but it's not working:

ip access-list extended chris_codomino1
 permit ip host 172.16.14.59 host 10.1.1.10
ip access-list extended grant_all
 permit ip any any
ip access-list extended no_access_codomino1
 deny ip any host 10.1.1.10
vlan access-map ABC123 10
 match ip address chris_codomino1
 action forward
vlan access-map ABC123 20
 match ip address no_access_codomino1
 action drop
vlan access-map ABC123 30
 match ip address grant_all
 action forward
!
vlan filter codomino1 vlan-list 4

What I thought it should do is allow IP 172.16.14.59 access to 10.1.1.10 but deny all other access to this server and then allow all other traffic to flow to/from vlan 4.

Can someone tell me what I'm doing wrong?

Thanks

Mike

1 Accepted Solution


dgroscost
Level 4

Change your 'ip access-list extended no_access_codomino1' to PERMIT ip any host 10.1.1.10. You are only selecting traffic patterns to match in the access-list, the class maps/action syntax will handle the actual drop or discarding of traffic.

That should resolve the issue.
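Added example, not part of the original posts: a simplified Python model of how a VLAN access-map is evaluated, showing why the posted `deny` ACE lets every host reach 10.1.1.10 and why the `permit` version drops it. It assumes the three-clause map is the one applied to VLAN 4; the addresses 172.16.14.60 and 10.1.1.20 are constructed test flows, and all function names are hypothetical.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    return ipaddress.ip_network(addr + "/32")

def acl_result(acl, src, dst):
    """First matching ACE decides; no match is the ACL's implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for verdict, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return verdict
    return "deny"

def vacl_action(access_map, src, dst):
    """Walk the map clauses in sequence order. A clause's action applies only
    when its ACL permits the packet; a deny result just means "this clause
    does not match", so evaluation moves on to the next sequence number."""
    for _seq, acl, action in sorted(access_map, key=lambda clause: clause[0]):
        if acl_result(acl, src, dst) == "permit":
            return action
    return "drop"  # no clause matched: implicit drop at the end of the map

SERVER = host("10.1.1.10")
chris = [("permit", host("172.16.14.59"), SERVER)]
grant_all = [("permit", ANY, ANY)]
no_access_as_posted = [("deny", ANY, SERVER)]    # never matches in clause 20
no_access_corrected = [("permit", ANY, SERVER)]  # matches, clause 20 drops

def build_map(no_access):
    return [(10, chris, "forward"), (20, no_access, "drop"), (30, grant_all, "forward")]

AS_POSTED = build_map(no_access_as_posted)
CORRECTED = build_map(no_access_corrected)

if __name__ == "__main__":
    flows = [("172.16.14.59", "10.1.1.10"),   # the one allowed client
             ("172.16.14.60", "10.1.1.10"),   # constructed: any other client
             ("172.16.14.60", "10.1.1.20")]   # constructed: unrelated traffic
    for src, dst in flows:
        print(f"{src} -> {dst}: as posted={vacl_action(AS_POSTED, src, dst)}, "
              f"corrected={vacl_action(CORRECTED, src, dst)}")
```

With the posted ACL, traffic from other hosts to 10.1.1.10 skips clause 20 and is forwarded by clause 30; with the corrected ACL it is dropped at clause 20 while the allowed client and unrelated traffic are still forwarded.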

Thanks for the help. I really appreciate it.
