If 10.51.1.1 is the only IP active on that subnet, then the traffic is not being sourced from that network, thus rendering the ACL irrelevant. If, however, your host was connected to one of the ports on vlan 511, you would not be able to communicate with the RSM past the ACL.
So, in other words, you are pinging from the other (open) side of the ACL.

On Thu, 2002-05-02 at 11:43, Michael Williams wrote:
> Here's the deal........... I have a 5500 with RSM with a few VLANs on it,
> each VLAN with an IP and the RSM is handling the routing for all VLANs.
> I've got one VLAN in particular (511) that I'm experimenting with.... I
> made the following access list:
>
> Router#(config)access-list 10 deny any log
>
> (I know this seems stupid because of the implicit deny, but I'm
> experimenting)
>
> then applied this to VLAN 511:
>
> Router#config t
> Router#(config)#int vlan 511
> Router#(config-if)#ip access-group 10 in
> Router#(config-if)#ip access-group 10 out
>
> This VLAN 511 interface has an IP of 10.51.1.1 and it's the only IP active
> in that subnet (10.51.1.0/24) as there are no devices setup yet......... I
> do have a port on that VLAN connected to another (Nortel) switch, so the
> VLAN511 interface shows up/up when you do a 'sh int vlan511'.
>
> Here's my deal........ I'm in a different subnet a few hops away
> (10.1.0.0/16, let's say) and I can still ping 10.51.1.1 from my PC....
> shouldn't that access list deny all traffic coming in/out of that VLAN?!?!
> I check the log file after pinging (that VLAN IP from my PC) and there's
> nothing...(note the log argument was used on the access-list)
>
> I have a couple of 2500s with CSUs and crossover T1 cable, and I applied the
> same access list to one of the serial interfaces, and when pinging from the
> other 2500, I get the expected timeouts... So why wouldn't applying this
> access list to a VLAN interface on an RSM do the same thing and prevent me
> from pinging the IP on that VLAN interface?!?!?
>
> Am I missing something? Is there something different about how the ACLs are
> applied to VLANs in an RSM as opposed to a physical interface on a router?
> I'm not aware of any such differences...
>
> Please feel free to humiliate and make fun of me when telling me the simple
> something that I'm just not getting =)
>
> TIA,
> Mike W.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43135&t=43128
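The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of where an interface ACL is evaluated on a router. The Vlan1 interface and its address, the PC address 10.1.0.25 and the host 10.51.1.50 are constructed for illustration; only Vlan511, 10.51.1.1/24 and the deny-any ACL applied in and out come from the thread.

```python
import ipaddress

def deny_any(src):
    """Models 'access-list 10 deny any': no source address is permitted."""
    return False

class Router:
    """Simplified model: an ACL is checked only on the interface a packet crosses."""
    def __init__(self):
        self.ifaces = {}   # name -> {"net", "ip", "acl_in", "acl_out"}
        self.log = []      # stands in for the 'log' keyword on the ACL entry

    def add_iface(self, name, cidr, acl_in=None, acl_out=None):
        i = ipaddress.ip_interface(cidr)
        self.ifaces[name] = {"net": i.network, "ip": i.ip,
                             "acl_in": acl_in, "acl_out": acl_out}

    def _permit(self, acl, name, direction, src):
        if acl is None or acl(src):
            return True
        self.log.append(f"denied {src} {direction} {name}")
        return False

    def receive(self, ingress, src, dst):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # 1. Inbound ACL of the interface the packet actually arrived on.
        if not self._permit(self.ifaces[ingress]["acl_in"], ingress, "in", src):
            return "dropped"
        # 2. Destination is one of the router's own addresses: handled locally,
        #    the packet never crosses the interface that owns that address.
        if any(dst == i["ip"] for i in self.ifaces.values()):
            return "delivered-to-router"
        # 3. Transit traffic: outbound ACL of the egress interface applies.
        for name, i in self.ifaces.items():
            if dst in i["net"]:
                if not self._permit(i["acl_out"], name, "out", src):
                    return "dropped"
                return f"forwarded-out-{name}"
        return "no-route"

def build_rsm():
    r = Router()
    r.add_iface("Vlan1", "10.2.0.1/16")  # constructed: interface facing the PC's side
    r.add_iface("Vlan511", "10.51.1.1/24", acl_in=deny_any, acl_out=deny_any)
    return r

if __name__ == "__main__":
    r = build_rsm()
    print(r.receive("Vlan1", "10.1.0.25", "10.51.1.1"))     # ping from the remote PC
    print(r.receive("Vlan511", "10.51.1.50", "10.51.1.1"))  # host attached to VLAN 511
    print(r.log)
```

The first call produces no log entry because the packet never crosses Vlan511; only the second call, from a host inside VLAN 511, hits the inbound ACL.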

