Cisco Support Community

New Member

reflective access-list in a WS-C3560G-24TS

I have a reflective access-list in a switch that doesn't seem to work. What I want is to allow our campus traffic (141.225.0.0/16) to flow freely, and block outside traffic from coming in except for certain users. Allow the inside network (141.225.216.0/24) to go outside without any problems. The problem is that inside users cannot go outside except to our campus network.

4 REPLIES
Silver

Re: reflective access-list in a WS-C3560G-24TS

Remove the access list and see if it works. If it works fine, remove and reconfigure the access list. Restart the router once the access list is newly configured.

Re: reflective access-list in a WS-C3560G-24TS

Hi,

You have configured HSRP on the VLAN1 (141.225.216.0/24) interface. Did you configure the reflexive ACL on the other HSRP switch as well? If you didn't, and the other HSRP switch is the active router for VLAN1, then that could be a problem.

Regards,

Sundar

Silver

Re: reflective access-list in a WS-C3560G-24TS

Hello Guys,

Never say reboot the router after configuring something in Cisco. This is not a Microsoft system or a trial and error system!

As for the problem, I really didn't get what you want exactly. However, you should apply the inbound access list (traffic from inside to outside) on the in interface of VLAN1, because your users' gateway is the VLAN interface and it is preferred to block traffic closest to the source.

As for the outside to inside traffic, it has to be applied on the in interface of the outside interface.

Let me know if this helps and rate please,

Thanks,

New Member

Re: reflective access-list in a WS-C3560G-24TS

I talked to Cisco and, unfortunately, Reflexive Access Lists are not supported on 3560 switches.

Thanks
