Here's the deal........... I have a 5500 with RSM with a few VLANs on it, each VLAN with an IP and the RSM is handling the routing for all VLANs. I've got one VLAN in particular (511) that I'm experimenting with.... I made the following access list:

    Router(config)#access-list 10 deny any log

(I know this seems stupid because of the implicit deny, but I'm experimenting)

then applied this to VLAN 511:

    Router#config t
    Router(config)#int vlan 511
    Router(config-if)#ip access-group 10 in
    Router(config-if)#ip access-group 10 out

This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active in that subnet (10.51.1.0/24) as there are no devices set up yet......... I do have a port on that VLAN connected to another (Nortel) switch, so the VLAN511 interface shows up/up when you do a 'sh int vlan511'.

Here's my deal........ I'm in a different subnet a few hops away (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC.... shouldn't that access list deny all traffic coming in/out of that VLAN?!?! I check the log file after pinging (that VLAN IP from my PC) and there's nothing... (note the log argument was used on the access-list)

I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the same access list to one of the serial interfaces, and when pinging from the other 2500, I get the expected timeouts...

So why wouldn't applying this access list to a VLAN interface on an RSM do the same thing and prevent me from pinging the IP on that VLAN interface?!?!? Am I missing something? Is there something different about how the ACLs are applied to VLANs in an RSM as opposed to a physical interface on a router? I'm not aware of any such differences...

Please feel free to humiliate and make fun of me when telling me the simple something that I'm just not getting =)

TIA,
Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43128&t=43128