I tried this in my lab ready to say it didn't work... but then it did. I
basically have two routers and two switches. One router plugged into each
switch with a trunk between them. You can only configure the access-list
inbound but it did work. Hopefully someone will pop up and explain why.

Layer3 ACL on L2 Access port...Right or wrong ?
Mohamed El Henawy
to: Cisco certification
07/22/09 05:06 PM
Sent by: nobody_at_groupstudy.com
Please respond to "Mohamed El Henawy"

Hello Group,

I came across this question while doing the IE LAB9.

2 routers, 1 BB on the same LAN segment. We don't want to get updates from
BB, and the port on the switch connected to BB has only one VLAN.

The question is: can we put an ACL under the interface instead of using a
VLAN filter (VLAN filter is the IE answer)? Is it still correct to use an
L3 ACL on an L2 port?

I think VLAN filter wouldn't work if we have other access ports on this
switch under the same VLAN that might need to be in the RIP too?

Rack2SW2#sh access-lists
Extended IP access list 199
    10 deny udp any any eq rip
    20 permit ip any any (39 matches)
interface FastEthernet0/24
 switchport access vlan 232
 ip access-group 199 in
 spanning-tree guard root
Received on Wed Jul 22 2009 - 17:23:43 ART
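
Added example, not part of the original thread or of the lab's answer key: the port ACL from the post shown beside a VLAN access-map form of the "vlan filter" approach the post mentions, to make the difference in scope visible. ACL number 198 and the map name NO-RIP are constructed for illustration; VLAN 232, ACL 199 and Fa0/24 are taken from the post.

```cisco
! --- Option A: port ACL (PACL), as posted ---------------------------
! Applied to the Layer 2 access port itself. It is evaluated only for
! frames arriving on Fa0/24, so other ports in VLAN 232 are untouched.
! In a PACL the ACL's own permit/deny decides forward/drop.
access-list 199 deny   udp any any eq rip
access-list 199 permit ip any any
!
interface FastEthernet0/24
 switchport access vlan 232
 ip access-group 199 in
!
! --- Option B: VLAN map (VACL) applied with "vlan filter" ------------
! Applied to the whole VLAN. It is evaluated for every packet bridged
! in VLAN 232, whichever port it entered on.
! In a VLAN map the ACL only selects traffic ("permit" = match); the
! map's action decides forward/drop. Hence the match ACL PERMITS rip.
! ACL 198 and the name NO-RIP are constructed for this example.
access-list 198 permit udp any any eq rip
!
vlan access-map NO-RIP 10
 match ip address 198
 action drop
! Sequence 20 has no match clause, so it forwards everything else.
! Without it, remaining IP traffic in the VLAN would be dropped.
vlan access-map NO-RIP 20
 action forward
!
vlan filter NO-RIP vlan-list 232
!
! As written, Option B drops RIP from every host in VLAN 232. To limit
! it to the BB device, the match ACL would need the BB source address
! (not given in the post) in place of the first "any".
```

`show access-lists`, `show vlan access-map` and `show vlan filter` display what is configured and where it is applied.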