10-27-2017 08:47 AM - edited 03-01-2019 06:12 PM
I set up two access lists -- one for inbound traffic, the other for outbound. The purpose is to create a VLAN to quarantine VLAN machines in the VMware environment that get infected with malware.
Then I apply them to VLAN 499.
Problem is, when I apply them, no traffic can get in or out as far as I can tell. Even if I set the IP manually, the clients report "Destination net unreachable" and the target server outside never sees the traffic. If I remove the access lists, all works correctly.
The rules look right to me but I am, obviously, doing something wrong. Any help is appreciated.
10-28-2017 09:44 AM
If you are saying those hosts are not passing traffic then you have a problem, but if you are saying hosts other than those on the ACL are not passing traffic then this is the expected behavior.
-If I helped you somehow, please, rate it as useful.-
11-01-2017 11:02 AM - edited 11-01-2017 11:40 AM
Hello,
I think you need to permit your vlan 499 network within the ACLs. Right now it appears it's being denied via the "deny ip any any" statement.
Edit: Disregard the above statement; for some reason I didn't notice the "any" statements.
Edit 2: Maybe try the following:
! Permitted sources: the 192.168.192.0/24 network (wildcard mask 0.0.0.255 = /24) and six single hosts.
! Entries are checked top-down; the first match wins, and anything unmatched falls to the explicit deny.
ip access-list extended vlan499
 10 permit ip 192.168.192.0 0.0.0.255 any
 20 permit ip host 10.212.3.3 any
 30 permit ip host 10.212.3.99 any
 40 permit ip host 10.212.3.26 any
 50 permit ip host 10.212.3.27 any
 60 permit ip host 10.212.3.61 any
 70 permit ip host 198.204.114.92 any
 ! "log" punts a copy of every denied packet to the CPU for logging; a VLAN full of scanning malware can generate a lot of them.
 100 deny ip any any log
!
! On an SVI, "in" filters packets arriving from VLAN 499 hosts (source = VLAN 499 host),
! "out" filters packets leaving toward VLAN 499 hosts (source = the remote peer).
! With one ACL in both directions, a VLAN 499 host only gets "in" past the deny if its own
! address is one of the permitted sources above.
interface Vlan499
 description Kill it with fire
 ip access-group vlan499 in
 ip access-group vlan499 out
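The direction trap the thread turns on, as an added example that is not code from the thread or from Cisco: a small Python evaluator with Cisco wildcard-mask and first-match semantics, loaded with the ACEs of the access-list above, then run once with the same ACL in both SVI directions and once with a separate inbound/outbound pair. The quarantine subnet 10.99.0.0/24, the sample hosts, and all function names are assumptions; the thread never states the VLAN 499 subnet.

```python
"""Evaluate Cisco-style extended ACLs in both SVI directions.

Added example, not code from the thread. The ACEs copy the access-list
suggested above; the quarantine subnet (10.99.0.0/24), the sample flows
and all function names are constructed assumptions.
"""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class ACE(NamedTuple):
    seq: int
    action: str   # "permit" or "deny"
    src: str      # "any", "host A.B.C.D", or "A.B.C.D W.W.W.W" (address + wildcard)
    dst: str


def addr_match(spec: str, addr: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    if spec == "any":
        return True
    parts = spec.split()
    base, wildcard = (parts[1], "0.0.0.0") if parts[0] == "host" else parts
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl: List[ACE], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First match wins; no match hits the implicit deny (seq None)."""
    for ace in acl:
        if addr_match(ace.src, src) and addr_match(ace.dst, dst):
            return ace.action, ace.seq
    return "deny", None


def check_svi(acl_in: List[ACE], acl_out: List[ACE], vlan_host: str, remote: str) -> dict:
    """Direction on an SVI: 'in' sees packets coming from the VLAN's hosts
    (source = VLAN host), 'out' sees packets going toward them (source = remote)."""
    return {"in": evaluate(acl_in, vlan_host, remote),
            "out": evaluate(acl_out, remote, vlan_host)}


# The ACL from the post above, ACE by ACE.
VLAN499_AS_POSTED = [
    ACE(10, "permit", "192.168.192.0 0.0.0.255", "any"),
    ACE(20, "permit", "host 10.212.3.3", "any"),
    ACE(30, "permit", "host 10.212.3.99", "any"),
    ACE(40, "permit", "host 10.212.3.26", "any"),
    ACE(50, "permit", "host 10.212.3.27", "any"),
    ACE(60, "permit", "host 10.212.3.61", "any"),
    ACE(70, "permit", "host 198.204.114.92", "any"),
    ACE(100, "deny", "any", "any"),
]

# Assumption: the quarantine VLAN is 10.99.0.0/24 (the thread never states it).
QUARANTINE = "10.99.0.0 0.0.0.255"
ALLOWED_PEERS = [ace.src for ace in VLAN499_AS_POSTED if ace.action == "permit"]


def build_directional_pair(quarantine: str, peers: List[str]) -> Tuple[List[ACE], List[ACE]]:
    """Inbound: quarantine -> peer only. Outbound: peer -> quarantine only.
    Everything else, including quarantine -> Internet, falls to the explicit deny."""
    acl_in = [ACE(10 * (i + 1), "permit", quarantine, p) for i, p in enumerate(peers)]
    acl_out = [ACE(10 * (i + 1), "permit", p, quarantine) for i, p in enumerate(peers)]
    acl_in.append(ACE(100, "deny", "any", "any"))
    acl_out.append(ACE(100, "deny", "any", "any"))
    return acl_in, acl_out


if __name__ == "__main__":
    host, mgmt, outside = "10.99.0.10", "10.212.3.3", "203.0.113.5"  # constructed sample flows
    print("same ACL both ways :", check_svi(VLAN499_AS_POSTED, VLAN499_AS_POSTED, host, mgmt))
    acl_in, acl_out = build_directional_pair(QUARANTINE, ALLOWED_PEERS)
    print("pair, to mgmt host :", check_svi(acl_in, acl_out, host, mgmt))
    print("pair, to Internet  :", check_svi(acl_in, acl_out, host, outside))
```

With the single ACL applied in both directions, a packet from the quarantined host toward 10.212.3.3 is evaluated with the quarantined host as source, matches nothing but the final deny, and is dropped, while the reply direction is permitted by entry 20; that one-way result is what "nothing gets in or out" looks like from the client. The directional pair permits the quarantine-to-peer and peer-to-quarantine flows and denies everything else. The evaluator models only source and destination addresses, which is all the posted `permit ip` entries use; it does not model protocol or port matching, and it says nothing about traffic the switch itself originates, which an outbound SVI ACL does not filter.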