Solved

applying an access list to a switch - direction

Posted on 2016-08-10
5
30 Views
Last Modified: 2016-08-30
Experts,

ON a Cisco switch I have:

Interface vlan 300
ip address 10.10.10.1 255.255.255.0

I have host 10.10.10.100

I want that host to be denied from reaching host 10.20.20.20.

access-list 100 deny ip host 10.10.10.100 host 10.20.20.20
access-list 100 permit ip any any


Question: When i go to apply acl 100 to the vlan, it would be applied OUT?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 41751417
Can we assume these two hosts are on separate VLANs? Is this a layer 3 switch? Are you permitting inter-vlan communication directly on the switch?

MO
0
 
LVL 29

Accepted Solution

by:
Predrag Jovic earned 250 total points (awarded by participants)
ID: 41751465
The way you wrote ACL on swith in should be in IN direction (in router engine inside switch from VLAN)

Interface vlan 300
ip access-group 300 in
0
 
LVL 57

Assisted Solution

by:Pete Long
Pete Long earned 250 total points (awarded by participants)
ID: 41751809
^^ agree

but should it not be?

ip access-group 100 in

P
0
 
LVL 29

Expert Comment

by:Predrag Jovic
ID: 41751856
Yes, it should.
;)
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 41776022
Author abandoned question. Solution provided by Pedrag appears to be the best.
0

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question