reflective access-list in a WS-C3560G-24TS

cwangskr · ‎08-11-2006

I have a reflective access-list in a switch doesn't seem to work. What I want is allow our campus traffic (141.225.0.0/16) to flow freely, and block outside traffic come in except for certain users. Allow inside network (141.225.216.0/24) to go outside without any problems. The problem is inside users cannot go outside except our campus network.

thomas.chen · ‎08-17-2006

Remove access list and see if it works. If it wworks fine ,remove and reconfigure the access list.Restart the router once the access list is configured newly.

sundar.palaniappan · ‎08-17-2006

Hi,

You have configured HSRP on VLAN1 (141.225.216.0/24) interface. Did you configure the reflexive ACL on the other HSRP switch as well. If you didn't and the other HSRP switch is the active router for VLAN1 then could be a problem.

Regards,

Sundar

m-haddad · ‎08-17-2006

Hello Guys,

Never say reboot the router after configuring something in Cisco. This is not a microsoft system or a trial and error system!

As for the problem, I really didn't get what you want exactly. However, you should apply the inbound access list (Traffic from inside to outside) on the in interface of the VLAN1 because your user's gateway is the VLAN interface and it is prefered to block traffic closest to the souce.

As for the outside to inside traffic it is has to be applied on the in interface of the outside interface.

Let me know if this helps and rate please,

Thanks,

cwangskr · ‎08-18-2006

I talk to Cisco and Unfortunately, Reflexive Access Lists are not supported on a 3560 switches.

Thanks