[c-nsp] Vlan access-list problem

Rik Koenig rkoenig at rivulet.com
Tue Jan 3 15:28:53 EST 2006


I might be missing something, but isn't it a bit odd to allow 
non-network traffic and deny all else? It looks to me like the 10.0.0.1 
interface will allow all traffic from his "connected" net as long as 
it's from a 192.168.0.0/24 address space. Do you have the source and 
dest reversed on list 102?

~rik

Jeff Crowe wrote:

>Hi all,
>
>I have a 3560 that I am trying to configure access-lists on vlans.  I have
>configured the vlans with ip addresses and set up a simple access list for
>testing.
>
>EG:
>
>vlan 48
> said 48
>!
>interface vlan 48
> ip address 10.0.0.1 255.255.255.128
> ip access-group 102 in
> ip access-group 103 out
>!
> access-list 102 permit ip 192.168.0.0 0.0.0.255 any
> access-list 102 deny any any
> access-list 103 permit any any (testing purposes)
>
>
>The network I am coming in from is in the 192.168.0.0/24 range, but as soon
>as I apply the access-list 102 to the vlan interface, the deny any any takes
>over and denies all packets.
>
>Any suggestions on how to get the acl configured to work on a VLAN interface
>would be appreciated.
>
>Jeff.
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>  
>
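Added example, not part of either message: a small first-match model of access-list 102 showing what `ip access-group 102 in` on `interface vlan 48` sees, compared with the same list with source and destination swapped. It assumes the 192.168.0.0/24 network is reached through a different interface than VLAN 48; the host addresses and the names `ACL_102_POSTED`, `ACL_102_SWAPPED` and `compare` are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")
NET_192 = ("192.168.0.0", "0.0.0.255")

# Entries are (action, source, destination); "ip" matches every protocol,
# so the protocol field is left out of this model.
ACL_102_POSTED = [("permit", NET_192, ANY), ("deny", ANY, ANY)]
# Source and destination swapped, the possibility the reply raises.
ACL_102_SWAPPED = [("permit", ANY, NET_192), ("deny", ANY, ANY)]

def evaluate(acl, src, dst):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, (s_base, s_wild), (d_base, d_wild) in acl:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return "deny"

# Constructed packets as seen by "ip access-group 102 in" on interface vlan 48,
# i.e. packets arriving from hosts in VLAN 48. Host addresses are assumptions.
PACKETS = {
    "reply from VLAN 48 host to remote net": ("10.0.0.10", "192.168.0.20"),
    "VLAN 48 host sending with a 192.168.0.x source": ("192.168.0.99", "10.0.0.1"),
}

def compare():
    """Map each packet description to (posted result, swapped result)."""
    return {name: (evaluate(ACL_102_POSTED, *p), evaluate(ACL_102_SWAPPED, *p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (posted, swapped) in compare().items():
        print(f"{name}: posted={posted} swapped={swapped}")
```

Under these assumptions the posted list drops the return traffic from VLAN 48 hosts while permitting anything in VLAN 48 that carries a 192.168.0.x source address; the swapped list does the opposite.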