
ACL in RSM

Hi, I work with a Catalyst 4006 + RSM. My interfaces are configured as trunks, with subinterfaces for each vlan: gigabit 3.1, 3.2, 4.1, 4.2, etc. I have an ACL applied inbound on the line vty and it works OK. But on a subinterface it doesn't work.

Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(10)W5(18f)
ROM: System Bootstrap, Version 12.0(7)W5(15b) RELEASE SOFTWARE
ROM: L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(25)W5(27) RELEASE SOFTWARE
Router uptime is 19 weeks, 1 day, 19 hours, 31 minutes
System restarted by power-on at 17:00:07 edt3 Sun Jun 4 2006
Running default software
cisco Cat4232L3 (R5000) processor with 57344K/8192K bytes of memory.
R5000 processor, Implementation 35, Revision 2.1
Last reset from power-on
1 FastEthernet/IEEE 802.3 interface(s)
4 Gigabit Ethernet/IEEE 802.3z interface(s)
123K bytes of non-volatile configuration memory.
16384K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2

Can anybody help me?

Thks,

Paulo

2 REPLIES

Re: ACL in RSM

You need to apply the ACL on the VLAN/SVI interface instead of the physical sub-interface.

Applying an ACL (ip access-group) on vty is common, but to filter telnet to the Vlan, i.e. a member host telnetting to the Vlan interface IP @ GW, you need to apply the ACL on the Vlan itself.

Create an ACL to define the hosts/IPs permitted to telnet, and apply it to the Vlan using the 'access-group ' command.

HTH

AK


Re: ACL in RSM

OK, I applied it.

My configuration:

access-list 101 permit ip 10.0.75.0 0.0.0.255 any log
access-list 101 permit ip host 10.0.65.16 any log
access-list 101 deny ip any any log

interface GigabitEthernet3.102
 description Vlan Acesso Rede Adm SUN
 encapsulation dot1Q 102
 ip address 10.0.30.1 255.255.255.0
 ip access-group 101 in
 no ip redirects
 no ip directed-broadcast
 no cdp enable

Any ideas?

Thks,

Paulo
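
How the posted access-list 101 evaluates packets, as an added example that is not part of the original thread: a small Python model of first-match evaluation with IOS wildcard masks. The sample packets are constructed, and it assumes hosts on VLAN 102 use addresses in 10.0.30.0/24, the subnet configured on GigabitEthernet3.102.

```python
import ipaddress

# ACL 101 exactly as posted in the thread.
ACL_101 = """\
access-list 101 permit ip 10.0.75.0 0.0.0.255 any log
access-list 101 permit ip host 10.0.65.16 any log
access-list 101 deny ip any any log
"""

def _addr_spec(tokens):
    """Consume one IOS address spec; return (base, wildcard) as ints."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(head)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST [log]' lines into rules."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # only the 'ip' protocol form used in the thread is handled
        action, rest = tokens[2], tokens[4:]
        # Source spec is consumed first, then destination (left-to-right evaluation).
        rules.append((action, _addr_spec(rest), _addr_spec(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF      # a wildcard bit of 1 means "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for number, (action, s, d) in enumerate(rules, start=1):
        if _matches(src, s) and _matches(dst, d):
            return action, number
    return "deny", None

RULES = parse_acl(ACL_101)
# Constructed sample packets (source, destination); host addresses are assumptions.
SAMPLES = [("10.0.75.20", "10.0.30.1"), ("10.0.65.16", "10.0.30.1"),
           ("10.0.30.50", "10.0.30.1"), ("10.0.65.17", "10.0.40.9")]
if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(RULES, src, dst))
```

An inbound ACL is checked against packets arriving on that interface, so with this list any source in 10.0.30.0/24 falls through to the third entry and is denied.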
