Sorry if this is a dumb question, but this isn't making much sense to me. Essentially I have an ACL applied to a server VLAN on a layer-3 Cisco switch. The ACL seems to be working as expected for the most part: traffic to/from the permitted items works, and everything else is denied. The only issue, however, is that the servers can't ping the SVI default gateway. To me, logic would dictate that all the servers should be able to ping the GW since it's all within the same subnet, and therefore shouldn't be hitting the ACL for that traffic; however, if I remove the ACL there is no issue. Can somebody explain this to me?
Here's an example config:
ip access-list extended Servers_in
 remark Traffic entering the SVI from the server VLAN
 permit ip any host 10.1.1.10
ip access-list extended Servers_out
 remark Traffic leaving the SVI toward the server VLAN
 permit ip host 10.1.1.10 any
interface Vlan120
 ip address 10.120.2.1 255.255.255.0
 ip access-group Servers_in in
 ip access-group Servers_out out
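The behaviour in the question comes from how IOS applies an inbound ACL on an SVI: it is evaluated for every packet that enters the SVI from the VLAN, including packets addressed to the SVI's own IP. An echo request from a server to 10.120.2.1 therefore has to match Servers_in, and since the only permit is for traffic to host 10.1.1.10, the implicit deny drops it. Replies the switch generates itself are not subject to the outbound ACL, so only the inbound list needs a change. The following is an added example, not the original poster's configuration: it adds an explicit ICMP permit for the gateway address and an explicit final deny so the drop shows up in counters. The VLAN, addresses and ACL names are taken from the post; the ordering and the explicit deny are assumptions about what the poster wants.

```cisco
! Added example, not the poster's config. Inbound list: packets from the
! server VLAN toward the SVI, including those destined to the SVI itself.
ip access-list extended Servers_in
 remark Allow servers to reach the gateway address (ping, path checks)
 permit icmp any host 10.120.2.1 echo
 remark Existing rule from the question
 permit ip any host 10.1.1.10
 remark Explicit deny so 'show ip access-lists' shows a match count
 deny ip any any
!
! Outbound list unchanged: switch-originated replies bypass it anyway.
ip access-list extended Servers_out
 permit ip host 10.1.1.10 any
 deny ip any any
!
interface Vlan120
 ip address 10.120.2.1 255.255.255.0
 ip access-group Servers_in in
 ip access-group Servers_out out
```

To confirm the diagnosis before changing anything, ping the gateway from a server while watching `show ip access-lists Servers_in`: with an explicit `deny ip any any` in place the deny counter increments on each failed ping, and after adding the `permit icmp` line the echo permit counter increments instead. Keep the permit scoped to the gateway host rather than `any`, so the ACL still blocks ICMP toward other VLANs through the SVI.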