[c-nsp] VACL Question

Andriy Bilous andriy.bilous at gmail.com
Thu Dec 19 06:45:17 EST 2013


Could it be that you're using only one direction in the IP ACLs bound to the VACL?
E.g.

permit any 10.0.0.0

instead of

permit 10.0.0.0 any
permit any 10.0.0.0


On Wed, Dec 18, 2013 at 9:23 PM, Randy <amps at djlab.com> wrote:

> I experimented and the following allowed me to see both sides of the
> traffic:
>
> (config-if)#switchport capture allowed vlan all
> !works in both directions
>
> VS
>
> (config-if)#switchport capture allowed vlan <target vlan>
> !works for inbound (WAN->VLAN) only
>
> I have not applied the VACL to any VLAN other than <target vlan>, and the
> ingress/egress points for the traffic are L3 physical interfaces, not other
> VLANs.
>
> Could someone hit me with a clue-bat?
>
> Thanks all,
>
>
> ~Randy
>
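A way to check a capture ACL for the one-direction problem suggested in the reply above. This is an added example, not code from either poster. It assumes full extended-ACL syntax (`permit <proto> <src> <dst>`); the ACL name `CAPTURE-ACL` and the /24 wildcard are constructed sample values, and port qualifiers are not compared.

```python
def _take_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD) from the token list."""
    if tokens[0] == "any":
        return ("any",), tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_entry(line):
    """Parse 'permit|deny <proto> <src> <dst>' into (action, proto, src, dst)."""
    tokens = line.split()
    if tokens and tokens[0].isdigit():       # drop an optional sequence number
        tokens = tokens[1:]
    if len(tokens) < 4 or tokens[0] not in ("permit", "deny"):
        return None                           # ACL header, remark, blank line
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    try:
        src, rest = _take_addr(rest)
        dst, rest = _take_addr(rest)          # anything after dst (ports) is ignored
    except IndexError:
        return None                           # truncated entry
    return (action, proto, src, dst)

def one_way_entries(acl_text):
    """Return permit entries whose mirrored (dst -> src) entry is absent."""
    entries = [e for e in map(parse_entry, acl_text.splitlines()) if e]
    seen = set(entries)
    return [e for e in entries
            if e[0] == "permit" and e[2] != e[3]
            and (e[0], e[1], e[3], e[2]) not in seen]

# Constructed sample ACLs: the first matches traffic towards 10.0.0.0/24 only,
# the second matches both directions.
ONE_WAY = """\
ip access-list extended CAPTURE-ACL
 permit ip any 10.0.0.0 0.0.0.255
"""
BOTH_WAYS = """\
ip access-list extended CAPTURE-ACL
 permit ip 10.0.0.0 0.0.0.255 any
 permit ip any 10.0.0.0 0.0.0.255
"""

if __name__ == "__main__":
    for name, acl in (("ONE_WAY", ONE_WAY), ("BOTH_WAYS", BOTH_WAYS)):
        print(name, "entries without a reverse match:", one_way_entries(acl))
```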