I have VLAN500 on a 6509, with a network of 172.17.x.x and I want to apply an extended ACL to allow any host on that VLAN to telnet to a host on VLAN 600 (network 17.16.x.x). So I created the following ACL
Extended IP access list VLAN500
permit tcp any host 172.16.8.53 eq telnet
and added this line to the VLAN500 interface:
ip access-group VLAN500 out
And it didn't work, until I changed the interface statement to:
ip access-group VLAN500 in
And it really doesn't make sense to me that I would have to apply it in. Why wouldn't I apply it out since any host on the local VLAN can telnet out to a host on another VLAN? If anyone can explain this to me, it would be appreciated. Thanks in adavance.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.