I have 4 VLANs created using inter-VLAN routing:
adm - 192.168.10.254
dev - 192.168.11.254
voice - 192.168.12.254
printers - 192.168.13.254
and a router (192.168.14.254) on interface FE0/1 (192.168.14.253) (using ip routing).
I want to block access from dev to adm but allow access from adm to dev, and all the remaining traffic.
I have created the following ACL:
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip any any
These ACL arguments were applied on VLAN dev in the outbound direction:
ip access-group 100 out
These ACL arguments come from the idea that a Cisco switch would process the ACL arguments from top to bottom, and when
a match is found it would stop processing the rest of the ACL arguments below.
i.e. a host from 192.168.11.x trying to reach a host in 192.168.10.x should match the ACL argument:
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
and stop processing the remaining arguments:
access-list 100 permit ip any any
but what really happens is that all traffic is allowed.
P.S. This is the first time I am implementing ACLs, so I think I might not have grasped Cisco ACL behaviour; an explanation of
how ACLs work on this switch and a practical example would correct my misunderstanding of ACL behaviour.
Any hints are welcome.
Thanks in advance.
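The matching rule described in the post (top to bottom, first match wins, implicit deny at the end) is correct; what decides whether the deny entry is ever consulted is the direction the ACL is bound in. On an SVI, "in" sees packets arriving from that VLAN's hosts (source address in the VLAN subnet) and "out" sees packets the switch sends toward that VLAN's hosts (destination address in the VLAN subnet), so an ACL bound "out" on the dev SVI only ever sees adm-to-dev replies, which the deny entry does not match. The simulation below is an added example, not part of the original post or of any Cisco software: it parses the two posted ACL lines, evaluates them first-match, and models the in/out binding on the four posted subnets. The host addresses, the `forward`/`evaluate`/`parse_acl` names and the `AS_POSTED`/`CORRECTED` bindings are constructed for the example.

```python
"""Simulate Cisco-style numbered extended ACL evaluation (top-down, first match,
implicit deny) together with the in/out direction semantics of an SVI.
Added example, not the original post's or Cisco's code; only the four VLAN
subnets and the two ACL lines come from the post, the rest is constructed."""
import ipaddress
from dataclasses import dataclass

# The four SVIs from the post, keyed by VLAN name (the router on FE0/1 is not needed here).
SVIS = {
    "adm": ipaddress.ip_network("192.168.10.0/24"),
    "dev": ipaddress.ip_network("192.168.11.0/24"),
    "voice": ipaddress.ip_network("192.168.12.0/24"),
    "printers": ipaddress.ip_network("192.168.13.0/24"),
}

# ACL 100 exactly as posted; parse_acl() reads this IOS syntax.
ACL_TEXT = """
access-list 100 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 100 permit ip any any
"""


@dataclass(frozen=True)
class Match:
    """One address field of an ACE: address plus IOS wildcard mask (1 bits = don't care)."""
    addr: int
    wildcard: int

    def hits(self, ip: str) -> bool:
        return (int(ipaddress.ip_address(ip)) | self.wildcard) == (self.addr | self.wildcard)


@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    src: Match
    dst: Match


def _parse_field(tokens, i):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' starting at tokens[i]."""
    if tokens[i] == "any":
        return Match(0, 0xFFFFFFFF), i + 1
    if tokens[i] == "host":
        return Match(int(ipaddress.ip_address(tokens[i + 1])), 0), i + 2
    addr = int(ipaddress.ip_address(tokens[i]))
    wild = int(ipaddress.ip_address(tokens[i + 1]))
    return Match(addr, wild), i + 2


def parse_acl(text: str) -> list:
    """Parse 'access-list N permit|deny ip SRC DST' lines, keeping the written order."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list" or t[3] != "ip":
            raise ValueError(f"unsupported ACE: {line!r}")
        src, i = _parse_field(t, 4)
        dst, _ = _parse_field(t, i)
        aces.append(Ace(t[2], src, dst))
    return aces


def evaluate(aces: list, src_ip: str, dst_ip: str):
    """Top-down, first match wins; no match at all hits the implicit deny (index None)."""
    for idx, ace in enumerate(aces):
        if ace.src.hits(src_ip) and ace.dst.hits(dst_ip):
            return ace.action, idx
    return "deny", None


def forward(src_ip: str, dst_ip: str, bindings: dict, aces: list) -> str:
    """Route one packet between SVIs, consulting an ACL bound as (vlan, 'in' | 'out').

    'in' on an SVI is checked for packets whose source lies in that VLAN's subnet;
    'out' on an SVI is checked for packets whose destination lies in that subnet.
    Addresses outside the four subnets are not routed here (StopIteration).
    """
    ingress = next(v for v, n in SVIS.items() if ipaddress.ip_address(src_ip) in n)
    egress = next(v for v, n in SVIS.items() if ipaddress.ip_address(dst_ip) in n)
    for vlan, direction in ((ingress, "in"), (egress, "out")):
        if (vlan, direction) in bindings:
            action, idx = evaluate(aces, src_ip, dst_ip)
            if action == "deny":
                hit = "implicit deny" if idx is None else f"ACE {idx}"
                return f"dropped by {hit} ({vlan} {direction})"
    return "forwarded"


ACL100 = parse_acl(ACL_TEXT)
AS_POSTED = {("dev", "out"): 100}   # "ip access-group 100 out" on the dev SVI
CORRECTED = {("dev", "in"): 100}    # "ip access-group 100 in" on the dev SVI

if __name__ == "__main__":
    for label, b in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        print(label, "dev->adm:", forward("192.168.11.10", "192.168.10.10", b, ACL100))
        print(label, "adm->dev:", forward("192.168.10.10", "192.168.11.10", b, ACL100))
```

With the binding as posted, a dev-to-adm packet enters on the dev SVI (no inbound ACL) and leaves on the adm SVI (no outbound ACL), so ACL 100 is never evaluated for it and the packet is forwarded; the only packets ACL 100 does see are adm-to-dev, which fall through to the permit. Binding the same ACL inbound on the dev SVI (or outbound on the adm SVI) puts the deny entry in the packet's path; the adm-to-dev direction stays permitted because the deny entry's source range does not match it.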