[c-nsp] VLAN Interfaces and ACLs on a 7600....am I losing my mind?

Randy randy_94108 at yahoo.com
Tue Jul 10 19:59:00 EDT 2012


Is it possible that the netmask on the Linux servers in VLAN 20 does not match the netmask on the SVI for VLAN 20 on the 7600?
./Randy

--- On Tue, 7/10/12, John Neiberger <jneiberger at gmail.com> wrote:

> From: John Neiberger <jneiberger at gmail.com>
> Subject: [c-nsp] VLAN Interfaces and ACLs on a 7600....am I losing my mind?
> To: cisco-nsp at puck.nether.net
> Date: Tuesday, July 10, 2012, 3:34 PM
> I'm running into something that is just baking my noodle. Imagine two
> 7600s connected via trunk:
> 
> [ Router A ] ----(dot1q)--- [ Router B ]
> 
> There are Linux servers connected to layer two interfaces on both
> routers in VLAN 20. There are layer three interfaces configured on
> both routers on Interface Vlan 20, on which an ACL is applied. I've
> always thought that intra-vlan traffic would not be affected by ACLs
> applied to the layer three vlan interface, but we're seeing some
> pretty strange behavior. For example, if we try to ping a server
> connected to Router A from Router B, it fails...unless we change the
> DSCP markings, then it succeeds. Our ACLs do have dscp-related entries
> in them, but I don't understand why that would matter because this is
> all intra-vlan traffic.
> 
> By the way, the original problem we started troubleshooting is that
> devices on the VLAN cannot ping each other even though they are all
> connected via plain jane L2 interfaces.
> 
> I've always thought that a VACL would be required to affect intra-vlan
> traffic, but it sure seems like this traffic is hitting the ACL on the
> layer three interface. I'm more than willing to be wrong, or even to
> be losing my mind, but this doesn't make sense to me. :)
> 
> Any thoughts?
> 
> Thanks,
> John
> 
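Added example, not part of the original thread: a way to check the netmask question raised in the reply above. A host whose mask is narrower than the SVI's treats some same-VLAN addresses as off-link and sends them to its default gateway, so that traffic is routed through the SVI, where an ACL on the layer three interface applies. All addresses and host names below are constructed.

```python
import ipaddress
from itertools import permutations

# Constructed sample data: SVI for VLAN 20 and three servers in the same VLAN.
# srv-b carries a /25 mask although the SVI is configured as a /24.
SVI = "10.20.0.1/24"
HOSTS = {
    "srv-a": "10.20.0.10/24",
    "srv-b": "10.20.0.100/25",
    "srv-c": "10.20.0.200/24",
}

def mask_mismatches(svi, hosts):
    """Names of hosts whose connected network differs from the SVI's network."""
    svi_net = ipaddress.ip_interface(svi).network
    return sorted(
        name for name, cfg in hosts.items()
        if ipaddress.ip_interface(cfg).network != svi_net
    )

def forwarding_paths(hosts):
    """For every ordered host pair, decide how the sender forwards the packet.

    'switched'       : destination is inside the sender's own subnet, so the
                       sender ARPs for it and the frame stays at layer two.
    'routed-via-svi' : destination is outside the sender's subnet, so the
                       sender hands the packet to its default gateway.
    """
    paths = {}
    for src, dst in permutations(hosts, 2):
        src_net = ipaddress.ip_interface(hosts[src]).network
        dst_ip = ipaddress.ip_interface(hosts[dst]).ip
        paths[(src, dst)] = "switched" if dst_ip in src_net else "routed-via-svi"
    return paths

if __name__ == "__main__":
    print("mask mismatch:", mask_mismatches(SVI, HOSTS))
    for (src, dst), path in forwarding_paths(HOSTS).items():
        print(f"{src} -> {dst}: {path}")
```

Note the asymmetry in the output: srv-b reaches srv-c through the SVI while the reply from srv-c is switched directly.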


