From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Mon May 29 2006 - 22:25:43 ART
Hello Guys
Quick question here about a possible problem (I think)
R4 Connected to Sw1 interface f0/4 (routed)
Sw1 Connected to Sw2 via Trunks
Sw2 Connected to a Server (164.1.7.100) in Vlan 7
All Devices are able to ping each other (IGP Any of your choice) (Yes, the Switches
are running an IGP also)
But when I apply this Access-list to the inbound Interface in Sw1 that is
connected to R4
Sw1(config)#access-list 101 dynamic R permit tcp any 164.1.7.100 0.0.0.0 eq tel
Sw1(config)#access-list 101 deny tcp any 164.1.7.100 0.0.0.0 eq tel
Sw1(config)#access-list 101 permit ip any any
Sw1(config)#Int f0/4
Sw1(config-if)#Ip access-gr 101 in
Seems to have no effect for denying the traffic going to that Server IP
Address
Much more, if you apply an Access-list to deny all IP traffic it denies it,
but for the traffic going back to that interface
Any opinion about this?
I know that switches are made to bridge traffic, but it's always nice to
know that sometimes things do not work well
Thanks
Victor.
Cisco IOS Software, C3550 Software (C3550-I5Q3L2-M), Version 12.2(25)SE,
RELEASE SOFTWARE (fc)
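
How ACL 101 from the message above is expected to evaluate under first-match rules, as an added example that is not part of the original post. It models standard IOS extended-ACL semantics only (not the 3550's hardware forwarding), and it assumes that activating the dynamic entry "R" makes the template match exactly as written.

```python
import ipaddress

# ACL 101 exactly as posted (the wrapped "eq tel" line joined).
ACL_101 = """\
access-list 101 dynamic R permit tcp any 164.1.7.100 0.0.0.0 eq tel
access-list 101 deny tcp any 164.1.7.100 0.0.0.0 eq tel
access-list 101 permit ip any any
"""

PORTS = {"tel": 23, "telnet": 23}  # only the port keyword this ACL uses


def parse(line):
    """Parse one of the three entry shapes used in ACL 101."""
    tok = line.split()[2:]                      # drop "access-list 101"
    entry = {"dynamic": None, "dst": None, "wild": 0, "port": None}
    if tok[0] == "dynamic":
        entry["dynamic"], tok = tok[1], tok[2:]
    entry["action"], entry["proto"] = tok[0], tok[1]
    tok = tok[3:]                               # source is always "any" here
    if tok[0] != "any":
        entry["dst"] = int(ipaddress.IPv4Address(tok[0]))
        entry["wild"] = int(ipaddress.IPv4Address(tok[1]))
    if "eq" in tok:
        entry["port"] = PORTS[tok[tok.index("eq") + 1]]
    return entry


def matches(e, proto, dst, dport):
    if e["proto"] != "ip" and e["proto"] != proto:
        return False
    if e["dst"] is not None:
        care = ~e["wild"] & 0xFFFFFFFF          # wildcard 0 bits must match
        if (int(ipaddress.IPv4Address(dst)) ^ e["dst"]) & care:
            return False
    return e["port"] is None or e["port"] == dport


def evaluate(acl_text, proto, dst, dport=None, active_dynamic=()):
    """First match wins; a dynamic entry is skipped until it is activated."""
    for e in map(parse, acl_text.splitlines()):
        if e["dynamic"] and e["dynamic"] not in active_dynamic:
            continue                            # assumption: inactive template never matches
        if matches(e, proto, dst, dport):
            return e["action"]
    return "deny"                               # implicit deny at the end
```

Comparing these verdicts with the per-entry match counters from "show access-lists 101" on the switch shows which entry, if any, the Telnet packets are actually hitting.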