
VACL's configuration not working properly

Hello,

I'm new to VACLs. I have the following configured but it's not working:

ip access-list extended chris_codomino1
 permit ip host 172.16.14.59 host 10.1.1.10
ip access-list extended grant_all
 permit ip any any
ip access-list extended no_access_codomino1
 deny ip any host 10.1.1.10
vlan access-map ABC123 10
 match ip address chris_codomino1
 action forward
vlan access-map ABC123 20
 match ip address no_access_codomino1
 action drop
vlan access-map ABC123 30
 match ip address grant_all
 action forward
!
vlan filter codomino1 vlan-list 4

What I thought it should do is allow IP 172.16.14.59 access to 10.1.1.10 but deny all other access to this server and then allow all other traffic to flow to/from vlan 4.

Can someone tell me what I'm doing wrong?

Thanks

Mike

Accepted Solutions
New Member

Re: VACL's configuration not working properly

Change your 'ip access-list extended no_access_codomino1' to PERMIT ip any host 10.1.1.10. You are only selecting traffic patterns to match in the access-list; the class maps/action syntax will handle the actual drop or discarding of traffic.

That should resolve the issue.
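
Why the posted configuration leaves 10.1.1.10 reachable from every host, modeled as an added Python example (not part of the original thread and not Cisco code). It assumes the VACL rule that only a permit ACE selects a map clause while a deny ACE sends the flow on to the next sequence, reads the third clause as sequence 30, ignores the vlan filter line, and uses constructed sample flows.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def host(addr):
    return ip_network(addr + "/32")

def build_acls(no_access_action):
    # ACL names and entries from the post; only no_access_codomino1 varies.
    return {
        "chris_codomino1": [("permit", host("172.16.14.59"), host("10.1.1.10"))],
        "no_access_codomino1": [(no_access_action, ANY, host("10.1.1.10"))],
        "grant_all": [("permit", ANY, ANY)],
    }

# Sequences 10/20/30 of access map ABC123 as (ACL name, action).
ACCESS_MAP = [
    ("chris_codomino1", "forward"),
    ("no_access_codomino1", "drop"),
    ("grant_all", "forward"),
]

def acl_result(acl, src, dst):
    """Return the first matching ACE's keyword, or the implicit deny."""
    for keyword, src_net, dst_net in acl:
        if ip_address(src) in src_net and ip_address(dst) in dst_net:
            return keyword
    return "deny"

def vacl_action(acls, src, dst):
    """Walk the map in sequence order; only a permit hit selects a clause."""
    for acl_name, action in ACCESS_MAP:
        if acl_result(acls[acl_name], src, dst) == "permit":
            return action
        # deny (explicit or implicit): not selected, try the next sequence
    return "drop"  # assumed default for IP traffic that no clause selected

def compare(src, dst):
    """Return (action as posted, action with the accepted fix)."""
    return (vacl_action(build_acls("deny"), src, dst),
            vacl_action(build_acls("permit"), src, dst))

if __name__ == "__main__":
    # Constructed sample flows: allowed host, other host, unrelated traffic.
    for src, dst in [("172.16.14.59", "10.1.1.10"),
                     ("172.16.14.60", "10.1.1.10"),
                     ("172.16.14.60", "10.1.1.20")]:
        print(src, "->", dst, compare(src, dst))
```
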

2 REPLIES
New Member

Re: VACL's configuration not working properly

Thanks for the help. I really appreciate it.
