Friday, July 16, 2021

ACL on SVI filtering traffic to the default gateway?

Sorry if this is a dumb question, but this isn't making much sense to me. Essentially I have an ACL applied to a server VLAN on a layer-3 Cisco switch. The ACL seems to be working as expected for the most part: traffic to/from the permitted items works, and all else is denied. The only issue, however, is that the servers can't ping the SVI default gateway. To me, logic would dictate that all the servers should be able to ping the GW since it's all within the same subnet and therefore shouldn't be hitting the ACL for that traffic; however, if I remove the ACL there is no issue. Can somebody explain this to me?

Here's an example config:

ip access-list Servers_in
 permit ip any host 10.1.1.10
ip access-list Servers_out
 permit ip host 10.1.1.10 any
interface Vlan120
 ip address 10.120.2.1 255.255.255.0
 ip access-group Servers_in in
 ip access-group Servers_out out
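The behaviour described in the question can be reproduced offline with a small evaluator of the posted ACL; this is an added example, not part of the original post or any Cisco code. It walks the ACEs top-down the way IOS does and shows that an echo request from a server to the SVI address is checked by the inbound list and falls through to the implicit deny, which is why removing the ACL "fixes" it. The server address 10.120.2.20 and the extra `permit icmp any host 10.120.2.1 echo` line in the second list are assumptions.

```python
import ipaddress

# Constructed example: the inbound ACL posted above, then the same list with one
# extra line that permits ICMP echo to the SVI address (assumption, not from the post).
POSTED_SERVERS_IN = ["permit ip any host 10.1.1.10"]
FIXED_SERVERS_IN = ["permit icmp any host 10.120.2.1 echo"] + POSTED_SERVERS_IN


def _take_addr(tokens):
    """Consume one IOS address spec: 'any', 'host A', or 'A WILDCARD'.
    Returns (matcher, remaining_tokens)."""
    if tokens[0] == "any":
        return (lambda a: True), tokens[1:]
    if tokens[0] == "host":
        want = int(ipaddress.ip_address(tokens[1]))
        return (lambda a: int(ipaddress.ip_address(a)) == want), tokens[2:]
    base = int(ipaddress.ip_address(tokens[0]))
    wild = int(ipaddress.ip_address(tokens[1]))
    keep = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (lambda a: int(ipaddress.ip_address(a)) & keep == base & keep), tokens[2:]


def evaluate(acl, proto, src, dst, icmp_type=None):
    """First matching ACE wins, as in IOS; no match means the implicit deny."""
    for ace in acl:
        tok = ace.split()
        action, ace_proto = tok[0], tok[1]
        src_ok, tok = _take_addr(tok[2:])
        dst_ok, tok = _take_addr(tok)
        ace_type = tok[0] if tok else None  # optional ICMP type keyword, e.g. 'echo'
        if ace_proto not in ("ip", proto):
            continue
        if not (src_ok(src) and dst_ok(dst)):
            continue
        if ace_type is not None and ace_type != icmp_type:
            continue
        return action, ace
    return "deny", "implicit deny ip any any"


def gateway_ping(acl, server="10.120.2.20", gateway="10.120.2.1"):
    """Echo request from a server on Vlan120 to the SVI, checked by the inbound ACL."""
    return evaluate(acl, "icmp", server, gateway, "echo")[0]


if __name__ == "__main__":
    for name, acl in (("posted", POSTED_SERVERS_IN), ("with ICMP line", FIXED_SERVERS_IN)):
        print(f"{name:15s} -> ping to gateway: {gateway_ping(acl)}")
        print(f"{name:15s} -> traffic to 10.1.1.10: {evaluate(acl, 'ip', '10.120.2.20', '10.1.1.10')[0]}")
```

Traffic destined to the switch's own SVI address is still subject to the inbound ACL on that SVI, so an explicit permit for the gateway address is needed before the implicit deny.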