RE: ACL

From: Salau, Yemi (yemi.salau@siemens.com)
Date: Mon Apr 14 2008 - 07:49:27 ART


Yea, it might be an IOS thing ...

But the concept and logic work ... I just tried it on c3640-JK903S-M
and it works fine.

I was able to block tcp 23, and allow all other ip traffic flowing into
the svi from other VLANs.

R5-SW8-R4
      ||
      R1

R1 was configured as my Router-on-a-stick, R5 and R4 are in 2 different
vlans. And my svi on SW8 is configured with the access-group and that
works like blue-magic blocking tcp 23 traffic from R4 to R5, but allowed
other IP traffic like pinging. However, when I took off the access-group,
I could telnet from R4 to R5.

Many Thanks
 
Yemi Salau
+447958257509
CCIE#18967

-----Original Message-----
From: Sadiq Yakasai [mailto:sadiqtanko@gmail.com]
Sent: Monday, April 14, 2008 11:17 AM
To: mohamed ouamer
Cc: Salau, Yemi; ccielab@groupstudy.com
Subject: Re: ACL

Hi guys,

Putting an ACL on SVIs doesn't achieve any effect for you actually
(tested and confirmed). At least not on a 3560 running:

3KI6R61-3560#sh ver | i IOS
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version
12.2(44)SE, RELEASE SOFTWARE (fc1)
3KI6R61-3560#

Currently, you can only do PACLs, VACLs and RACLs, but not ACLs on SVIs.

HTH

Sadiq




This archive was generated by hypermail 2.1.4 : Thu May 01 2008 - 08:25:50 ART