Access list problem

Hi guys, can someone please have a look at this ACL? It's acting strange on my 3750. I have a port in VLAN 10 (192.168.100.x) and the rest in VLAN 1 (10.x.x.x). The 192.168.4.0 network is on another connected router without ACLs.

access-list 120 deny ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255

access-list 120 permit ip any

int vlan 10

ip access-group 120 in

When I apply this, VLAN 10 traffic can't get to the 192.168.4.x network, but neither can traffic in VLAN 1. Is the config different on subinterfaces?

3 REPLIES

Re: Access list problem

line 2:

access-list 120 permit ip any

should probably read:

access-list 120 permit ip any any

Regards,

Leo

New Member

Re: Access list problem

Did that (I mistyped). Scratching my head why VLAN 1 traffic would be affected. Even if I put a blanket deny ip any any in, providing I only applied it to VLAN 10 in, it shouldn't affect VLAN 1 traffic. My question is: are VACLs tricky to implement? Or should this VACL work?

VIP Purple

Re: Access list problem

Hello,

You could try a VLAN ACL instead and see if that works any better:

vlan access-map BLOCK 10

action drop

match ip address 100

vlan access-map BLOCK 20

action forward

vlan filter BLOCK vlan-list 10

!

access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.4.0 0.0.0.255

Regards,

GP
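
An added example, not part of any post in this thread: a small Python model of how the corrected ACL 120 and the VLAN map BLOCK classify packets under first-match evaluation, using constructed sample addresses. It models rule matching only, not the switch's forwarding path or where each filter is attached.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword 'any' expands to

# Entries as (action, src, src_wildcard, dst, dst_wildcard)
ACL_120 = [  # corrected version, with 'permit ip any any'
    ("deny", "192.168.100.0", "0.0.0.255", "192.168.4.0", "0.0.0.255"),
    ("permit", *ANY, *ANY),
]
ACL_100 = [  # used only as the match clause of the VLAN map
    ("permit", "192.168.100.0", "0.0.0.255", "192.168.4.0", "0.0.0.255"),
]

def acl_eval(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return "deny"

# vlan access-map BLOCK as (sequence, match ACL or None, action)
VLAN_MAP_BLOCK = [(10, ACL_100, "drop"), (20, None, "forward")]

def vlan_map_eval(vmap, src, dst):
    """A 'permit' in the matched ACL only selects traffic; the map entry's
    action decides its fate. An entry without a match clause matches all."""
    for _seq, acl, action in sorted(vmap, key=lambda e: e[0]):
        if acl is None or acl_eval(acl, src, dst) == "permit":
            return action
    return "drop"

PACKETS = [  # constructed sample (source, destination) pairs
    ("192.168.100.25", "192.168.4.10"),  # VLAN 10 host to the remote network
    ("192.168.100.25", "10.1.1.1"),      # VLAN 10 host to a VLAN 1 host
    ("10.1.1.1", "192.168.4.10"),        # VLAN 1 host to the remote network
]

def evaluate_all():
    """Return (src, dst, ACL 120 verdict, VLAN map verdict) per sample packet."""
    return [(s, d, acl_eval(ACL_120, s, d), vlan_map_eval(VLAN_MAP_BLOCK, s, d))
            for s, d in PACKETS]
```

Neither rule set has an entry that selects a 10.x.x.x source for blocking, so in this model the third packet is permitted by ACL 120 and forwarded by the VLAN map.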
