From: Petr Lapukhov (petrsoft@gmail.com)
Date: Tue May 30 2006 - 01:43:40 ART
Victor,
AFAIK dynamic access-lists are not supported by 3550.
-- begin quote
Unsupported features:
....
Dynamic ACLs (except for certain specialized dynamic ACLs used by the switch
clustering feature).
--- end quote
So you may get unpredictable behavior, trying to use them
HTH
Petr
2006/5/30, Victor Cappuccio <cvictor@protokolgroup.com>:
>
> Hello Guys
>
> Quick question here about a possible problem (I Think)
>
> R4 Connected to Sw1 interface f0/4 (routed)
> Sw1 Connected to Sw2 via Trunks
> Sw2 Connected a Server (164.1.7.100) in Vlan 7
>
> All Devices are able to ping each (IGP Any of your choice) (Yes The Switches
> are running an IGP also)
>
> But when I apply this Access-list to inbound Interface in Sw1 that is
> connected to R4
>
>
>
> Sw1(config)#access-list 101 dynamic R permit tcp any 164.1.7.100 0.0.0.0 eq tel
> Sw1(config)#access-list 101 deny tcp any 164.1.7.100 0.0.0.0 eq tel
>
> Sw1(config)#access-list 101 permit ip any any
>
> Sw1(config)#Int f0/4
> Sw1(config-if)#Ip access-gr 101 in
>
> Seems to have no effect for denying the traffic going to that Server IP Address
> Much more, if you apply an Access-list to deny all IP traffic it denies it,
> but for the traffic going back to that interface
>
> Any opinion about this
> I know that switches are made to bridge traffic / but . it's always nice to
> know that sometime things do not work well
>
>
> Thanks
> Victor.
>
> Cisco IOS Software, C3550 Software (C3550-I5Q3L2-M), Version 12.2(25)SE,
> RELEASE SOFTWARE (fc)
>
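An added example, not part of the original thread: a small offline audit that flags `dynamic` ACL entries in a saved configuration when the `show version` banner names a platform that does not support them, and reports where the ACL is applied. The platform set, function name and the sample configuration (the thread's commands in expanded running-config form) are assumptions made for illustration.

```python
import re

# Platform families assumed not to support dynamic (lock-and-key) ACLs.
# Only C3550 comes from the thread; extend this from the platform's docs.
UNSUPPORTED = {"C3550"}

PLATFORM_RE = re.compile(r"Cisco IOS Software, (\S+) Software")
INTF_RE = re.compile(r"^interface\s+(\S+)", re.I)
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+dynamic\s+(\S+)\s+(.*)$", re.I)
GROUP_RE = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b", re.I)

def audit(show_version: str, running_config: str) -> list:
    """Return one finding per dynamic ACL entry on an unsupported platform."""
    m = PLATFORM_RE.search(show_version)
    platform = m.group(1) if m else None
    if platform not in UNSUPPORTED:
        return []
    dynamic = {}  # ACL number -> [(dynamic list name, rest of the entry)]
    applied = {}  # ACL number -> [(interface, direction)]
    intf = None
    for line in running_config.splitlines():
        if line and not line[0].isspace():
            # Any top-level command ends the previous interface context.
            m = INTF_RE.match(line)
            intf = m.group(1) if m else None
        if (m := ACL_RE.match(line)):
            dynamic.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        elif intf and (m := GROUP_RE.match(line)):
            applied.setdefault(m.group(1), []).append((intf, m.group(2).lower()))
    return [
        {"platform": platform, "acl": acl, "name": name, "entry": entry,
         "applied": applied.get(acl, [])}
        for acl, entries in dynamic.items() for name, entry in entries
    ]

# Constructed sample input, based on the banner and commands quoted above.
SHOW_VERSION = ("Cisco IOS Software, C3550 Software (C3550-I5Q3L2-M), "
                "Version 12.2(25)SE, RELEASE SOFTWARE (fc)")
RUNNING_CONFIG = """\
interface FastEthernet0/4
 no switchport
 ip access-group 101 in
!
access-list 101 dynamic R permit tcp any host 164.1.7.100 eq telnet
access-list 101 deny tcp any host 164.1.7.100 eq telnet
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    for f in audit(SHOW_VERSION, RUNNING_CONFIG):
        print(f"{f['platform']}: ACL {f['acl']} dynamic entry '{f['name']}' "
              f"({f['entry']}) applied on {f['applied']}")
```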