I am trying to stop all traffic between specific hosts in separate VLANs. Here is my access-list.
Extended IP access list 101
10 deny ip host 10.21.224.230 host 10.21.223.236
20 deny ip host 10.21.224.231 host 10.21.223.236
30 deny ip host 10.21.224.232 host 10.21.223.236
40 deny ip host 10.21.224.230 host 10.21.223.237
50 deny ip host 10.21.224.231 host 10.21.223.237
60 deny ip host 10.21.224.232 host 10.21.223.237
70 deny ip host 10.21.224.230 host 10.21.223.238
80 deny ip host 10.21.224.231 host 10.21.223.238
90 deny ip host 10.21.224.232 host 10.21.223.238
100 permit ip any any
I applied that access list OUT on the VLAN interface where the 10.21.224.x hosts reside, and I am still able to ping the .223 hosts from the .224 hosts. I assume I am missing something simple here. Any help is appreciated and thank you!
I figured it out; I was getting my In and Out applications backwards. I needed to apply the ACL to the VLAN interface inbound instead of outbound.
The other question I have, if anyone can answer, is: will this stop traffic bi-directionally, or do I need to apply the inverse of this to the VLAN that houses the 10.21.223.x hosts to stop traffic bi-directionally?
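An added example, not part of the original thread: a small model of first-match evaluation of ACL 101 on the 10.21.224.x VLAN interface for routed traffic, showing why the outbound binding never matched and what the inbound binding does to each direction. The /24 mask and the function names are assumptions made for the illustration.

```python
import ipaddress

# Host pairs and final permit taken from ACL 101 in the post.
SRC_HOSTS = ["10.21.224.230", "10.21.224.231", "10.21.224.232"]
DST_HOSTS = ["10.21.223.236", "10.21.223.237", "10.21.223.238"]
ACL_101 = [("deny", s, d) for d in DST_HOSTS for s in SRC_HOSTS]
ACL_101.append(("permit", "any", "any"))  # entry 100

# Assumption: the 10.21.224.x VLAN is a /24 behind the VLAN interface.
SVI_NET = ipaddress.ip_network("10.21.224.0/24")


def acl_action(acl, src, dst):
    """First matching entry wins; nothing matching means the implicit deny."""
    for action, a_src, a_dst in acl:
        if a_src in ("any", src) and a_dst in ("any", dst):
            return action
    return "deny"


def forwarded(src, dst, direction):
    """Routed packet with ACL 101 bound to the 10.21.224.x interface.

    'in'  checks packets arriving from hosts in that VLAN (source is local).
    'out' checks packets being sent to hosts in that VLAN (destination is local).
    Traffic switched inside one VLAN never crosses the interface and is not modelled.
    """
    from_vlan = ipaddress.ip_address(src) in SVI_NET
    to_vlan = ipaddress.ip_address(dst) in SVI_NET
    checked = (direction == "in" and from_vlan) or (direction == "out" and to_vlan)
    return (not checked) or acl_action(ACL_101, src, dst) == "permit"


def ping_works(a, b, direction):
    """A ping succeeds only if the request (a->b) and the reply (b->a) both pass."""
    return forwarded(a, b, direction) and forwarded(b, a, direction)


if __name__ == "__main__":
    a, b = "10.21.224.230", "10.21.223.236"
    for direction in ("out", "in"):
        print(f"ACL 101 {direction}: ping {a}->{b}: {ping_works(a, b, direction)}, "
              f"ping {b}->{a}: {ping_works(b, a, direction)}, "
              f"one-way {b}->{a}: {forwarded(b, a, direction)}")
```

In this model the inbound binding breaks pings started from either side, because the packet sourced from the .224 host is dropped whether it is the request or the reply, while a packet sourced from a .223 host is still delivered to the .224 host. Dropping that direction as well takes entries with source and destination swapped, applied where .223-sourced packets are checked.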