I have a 3550 layer 3 across which I have about 10 VLANs. My requirement is to restrict access to VLAN 6 (172.16.12.0/22) from the management network (172.16.102.0/23), except for the host IPs mentioned in the access-list.
But even after I apply the access-list I am able to reach all the systems in VLAN 6 from the management subnet.
When I add the following entry, access-list 106 deny ip any any, only then is the access restricted.
As every access-list has a default deny any any command at the end, why am I required to enter the command? Also, even after I enter the command I am able to ping 172.16.12.2 from the management subnet.
Does anyone have a clue about this type of behaviour, or is it because of a bug?
From what I can tell from your access list, the statements are in the wrong order:
If e.g. you want only host 172.16.100.18 to access the VLAN, the statement would need to look like this:
access-list 106 permit ip host 172.16.100.18 172.16.12.0 0.0.3.255
I am not sure if I fully understand your access list, but you might want to put the 'log' keyword after each entry and then check the console to see which line matches when you access the VLAN from a source that you consider to be blocked...
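Added example, not part of the original posts: a small Python model of first-match ACL evaluation with wildcard masks that reports which entry matched, much as the 'log' keyword would on the switch. The two ACLs below are constructed for illustration and are not the poster's actual access list; the model handles only `ip` entries and ignores interface direction.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take(tokens):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tokens and tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if len(tokens) >= 2 and tokens[0] == "host":
        return (_ip(tokens[1]), 0), tokens[2:]      # host takes no wildcard
    if len(tokens) >= 2:
        return (_ip(tokens[0]), _ip(tokens[1])), tokens[2:]
    raise ValueError("incomplete address in ACL entry")

def parse_ace(line):
    """Parse '<permit|deny> ip <source> <destination>'."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
        raise ValueError("unsupported entry: " + line)
    src, rest = _take(tokens[2:])
    dst, rest = _take(rest)
    if rest:
        raise ValueError("trailing tokens in entry: " + line)
    return tokens[0], src, dst

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # a wildcard bit of 1 means "don't care"
    return (_ip(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """Return (action, matching line number); line None is the implicit deny."""
    for number, line in enumerate(acl, 1):
        action, s, d = parse_ace(line)
        if _hit(src, s) and _hit(dst, d):
            return action, number       # first match wins; later lines never run
    return "deny", None

# Constructed ACLs (assumptions): a broad permit placed ahead of the deny ...
WRONG_ORDER = [
    "permit ip 172.16.0.0 0.0.255.255 172.16.12.0 0.0.3.255",
    "deny ip 172.16.102.0 0.0.1.255 172.16.12.0 0.0.3.255",
]
# ... and the same intent ordered most-specific first.
FIXED_ORDER = [
    "permit ip host 172.16.100.18 172.16.12.0 0.0.3.255",
    "deny ip 172.16.102.0 0.0.1.255 172.16.12.0 0.0.3.255",
    "permit ip 172.16.0.0 0.0.255.255 172.16.12.0 0.0.3.255",
]
```
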