Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
999
Views
0
Helpful
7
Replies

acl OUT on vlan interface not working

Britto Vimalraj Anthonysamy
Level 1
Level 1

‎04-06-2018 08:26 AM - edited ‎03-08-2019 02:33 PM

hi ..

i have L3 core switch with 5 no of vlan configured , with VTP mode server,

there 5 access switches connected to core with vtp client mode..

vlan 10 - 192.168.10.0/24 - management

vlan 20 - 192.168.20.0/24 - server

vlan 30 - 192.168.30.0/24 - data

vlan 40 - 192.168.40.0/24 - printer, other

vlan 50 - 192.168.50.0/24 - voice

 

all access switches are configured with management vlan 10 (192.168.10.x) 

here the requirement is , if any one telnet to these mgmt IP , should be blocked except few IP and this shall happen at core switch level, dont want to apply the acl in all access switch under vty.

 

so , the acl configured below

 

ip access-list extended FEW

5 permit ip 192.168.20.0 0.0.0.31 192.168.10.0 0.0.0.255

10 permit ip host 192.168.30.10 192.168.10.0 0.0.0.255

 

int vlan 10

ip add 192.168.10.1 255.255.255.0

ip access-group FEW out

 

---------------------------

but not getting the required result, all mentioned IP above able to telnet?? So what is the reason?? how to slove it?? Thanks in advance.

Labels:
0 Helpful
7 Replies 7

chrihussey
VIP Alumni
VIP Alumni

‎04-06-2018 09:14 AM

What type of switch is the core and is the management VLAN the only IP interface on the access switches?

Thanks

0 Helpful

Britto Vimalraj Anthonysamy
Level 1
Level 1
In response to chrihussey

‎04-06-2018 09:26 AM

hi,

 

Its 4500, ..yes access switch configured with only one ip under vlan 10

 

Thanks

0 Helpful

chrihussey
VIP Alumni
VIP Alumni
In response to Britto Vimalraj Anthonysamy

‎04-06-2018 09:28 AM

What type supervisor and version of code?

0 Helpful

Britto Vimalraj Anthonysamy
Level 1
Level 1
In response to chrihussey

‎04-06-2018 09:30 AM

hi Thanks...

 

its 8L-E sup.. not sure about version.

Is there any issue with acl?? or do you think any bug issue?

0 Helpful

chrihussey
VIP Alumni
VIP Alumni
In response to Britto Vimalraj Anthonysamy

‎04-06-2018 09:45 AM

I don't see a problem with the ACL so I wouldn't rule out the possibility of a bug.

How about adding deny any any to the end of the ACL, perhaps with the log extension just to see what that does.

0 Helpful

Britto Vimalraj Anthonysamy
Level 1
Level 1
In response to chrihussey

‎04-06-2018 09:49 AM

is there any possibility ? like extra space in named acl , which leads to this issue??

i dont see hit also

0 Helpful

chrihussey
VIP Alumni
VIP Alumni
In response to Britto Vimalraj Anthonysamy

‎04-06-2018 09:57 AM

Not likely, if the syntax is wrong it won't accept the command.

Thinking a bug or possibly something in the system architecture. A CCO Case may be in order.

I don't have any 8-LEs on my network but will be turning one up next week so I'm curious and will be able to investigate further. Post the version of IOS if you can.  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card