IP access-group on a switchport - STRANGE!

From: Sadiq Yakasai (sadiqtanko@gmail.com)
Date: Fri Feb 01 2008 - 15:55:43 ARST

• Next message: Scott Morris: "RE: how would you analyse this prefix-list"
• Previous message: Andy: "Re: Smart way to find changes done by Mr. Procter ;)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey guys,

I would think this is definately a strange behaviour, but ive seen it:

I configured an IP access-list on a switchport (access-port) and
traffic coming from the host connected to this port was hitting my IP
access-list.....

I would think frames coming through the switchport should get L2
switched and hence there shouldnt be any hit on my IP access-list
(L3/L4), but it seems the access-list has an effect on the port.
SW1(config)#do sh run | i access
access-list 100 permit tcp any any eq telnet

 switchport access vlan 162
 switchport mode access
 ip access-group 100 in

Whats your take on this please?

Thanks

Sadiq

• Next message: Scott Morris: "RE: how would you analyse this prefix-list"
• Previous message: Andy: "Re: Smart way to find changes done by Mr. Procter ;)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST