Hello, my issue is regarding intra-VLAN ACLs. I have several VLANs; below is an example of what I am trying to set up using named lists. This is a 3550 EMI. I have tried several configurations regarding inbound and outbound application to the VLAN interface, and I seem to get the same result: if a packet hits one rule it is allowing the traffic in both directions, i.e. I just apply the permit tcp 10.8.20.0 0.0.0.63 10.8.16.248 0.0.0.7 in the inbound direction and it allows all the traffic from both 10.8.20.0 and 10.8.16.228 both ways. I watch my counters and establish sessions both ways. So when I break up the ACLs into inbound and outbound I get hits on both groups, but when I remove one group the traffic still flows both ways. I want to be able to establish communications from many subnets back to the 10.8.20.0 but do not want that subnet establishing them back to the other subnets.
The second question I have is, since both of these VLANs are on the same box and .1 is the interface of each, they can see each other's .1 address (in effect also their subnet) as well as VTY access. How do I block, in this case, vlan601 from accessing VTY or even being able to ping the interface of another connected VLAN? I have tried using a host entry with the interface IP and that did not work either.
Another example is where I moved all the rules to a single inbound list and sent 4 pings each from the 8.20.0 and the 1.30.0, and all 8 ended up on the same rule. I am confused as to whether source and destination really mean anything in the ACLs, as I have a one-way deny right below it that never gets touched.
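An added configuration example for the policy the post describes (this is the editor's illustration, not the poster's configuration, and it has not been run on a 3550). IOS ACLs are stateless, so a single permit on one SVI passes both the sessions that subnet opens and the replies to sessions opened toward it; the one-way behaviour asked for is normally built with the `established` keyword, which matches only TCP segments with the ACK or RST bit set (i.e. replies), so a SYN from 10.8.20.0/26 toward another subnet falls through to a deny. VTY access is filtered with `access-class` on the vty lines rather than with the SVI ACL. The VLAN-to-subnet mapping (10.8.20.0/26 on Vlan601, 10.8.16.248/29 on Vlan602), the SVI addresses 10.8.20.1 and 10.8.16.249, the ACL names and the choice of 10.8.16.248/29 as the management subnet are all assumptions made for the example.

```cisco
! Added example, not from the original post. Assumed topology:
!   Vlan601 = 10.8.20.0/26, SVI 10.8.20.1   (the subnet that must not open sessions)
!   Vlan602 = 10.8.16.248/29, SVI 10.8.16.249 (assumed management subnet)
!
! Packets sent by hosts in 10.8.20.0/26 enter the router on Vlan601, so the
! inbound ACL on Vlan601 is the only place where connection attempts *from*
! that subnet are decided. Source and destination are evaluated as written;
! the ACL never sees the reverse direction of a flow, which is why a plain
! permit appears to "allow both ways" when no ACL is applied on the other SVI.
ip access-list extended V601-IN
 remark -- hosts here may not touch the SVI address of the other VLAN (ping, telnet, ssh)
 deny   ip  10.8.20.0 0.0.0.63 host 10.8.16.249
 remark -- TCP replies (ACK/RST set) to sessions that 10.8.16.248/29 opened
 permit tcp 10.8.20.0 0.0.0.63 10.8.16.248 0.0.0.7 established
 remark -- a SYN from this subnet has no ACK bit, so it lands here and is dropped,
 remark -- as does UDP/ICMP: 'established' is TCP-only, add explicit lines if needed
 deny   ip  any any
!
interface Vlan601
 ip address 10.8.20.1 255.255.255.192
 ip access-group V601-IN in
!
! Nothing is required on Vlan602 for the policy to hold: sessions opened by
! 10.8.16.248/29 toward 10.8.20.0/26 are decided on Vlan602's inbound ACL (or
! permitted by default when none is applied); their return traffic is what the
! 'established' line above admits.
!
! VTY access is controlled independently of any router ACL with access-class,
! so it works regardless of whether the platform applies the SVI ACL to
! packets addressed to the switch itself.
ip access-list standard MGMT-VTY
 permit 10.8.16.248 0.0.0.7
 deny   any
!
line vty 0 15
 access-class MGMT-VTY in
!
! Verification: the per-line counters show which entry a test packet matched.
! show ip access-lists V601-IN
! show ip interface Vlan601 | include access list
```

Two caveats a practitioner should keep in mind: `established` gives no protection against a host in 10.8.20.0/26 sending crafted ACK-only segments (it is a header check, not session tracking), and the `deny ... host 10.8.16.249` line is placed before the TCP permit on purpose, since 10.8.16.249 falls inside 10.8.16.248/29 and would otherwise be matched by the permit for ACK/RST segments. Whether an inbound SVI ACL also filters packets addressed to the switch's own interface addresses is something to verify on the platform in question, which is why the VTY restriction uses `access-class`.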