Hello,
We have a client who wants to restrict traffic from one VLAN to one destination subnet. We have configured the IP ACL as follows:
ip access-list VL1002-IN
 permit ip 192.168.102.0 255.255.255.0 172.31.254.0 255.255.255.0
!
interface vlan 1002
 ip address 192.168.102.1 255.255.255.0
 ip access-group VL1002-IN in
The problem is that when that ACL is applied, the setup does not work. We cannot even ping the internal 102. devices from the switch. I have tried various tests, from permitting subnet 192.168.102.x to itself in the ACL to a reverse 'OUT' ACL, but nothing seems to work.
I am using version 6.1.0.6 on a stack of N3024.
Any tips?
Cheers.
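
A small model of how the rule in the post is evaluated, added here as an example (it is not part of the original post and not the switch vendor's code). It assumes first-match evaluation with an implicit deny and that the inbound ACL also sees packets addressed to the switch's own VLAN address, and it evaluates the mask field both as a wildcard mask and as a subnet mask because the post does not say which reading this firmware applies. The sample packets and the `WILDCARD_FORM` rule are constructed for illustration.

```python
import ipaddress


def ip(text):
    """Dotted quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def field_matches(addr, base, mask, wildcard):
    """Compare addr with base on the bits the mask says to check.
    wildcard=True: 1 bits are "don't care"; False: 1 bits are compared."""
    care = (~ip(mask) & 0xFFFFFFFF) if wildcard else ip(mask)
    return (ip(addr) & care) == (ip(base) & care)


def evaluate(acl, src, dst, wildcard=True):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, s_base, s_mask, d_base, d_mask in acl:
        if (field_matches(src, s_base, s_mask, wildcard)
                and field_matches(dst, d_base, d_mask, wildcard)):
            return action
    return "deny"


# The rule exactly as posted.
POSTED = [("permit", "192.168.102.0", "255.255.255.0",
           "172.31.254.0", "255.255.255.0")]
# Same intent written with wildcard masks (constructed, not from the post).
WILDCARD_FORM = [("permit", "192.168.102.0", "0.0.0.255",
                  "172.31.254.0", "0.0.0.255")]

# Constructed sample packets arriving inbound on VLAN 1002: (source, destination).
PACKETS = {
    "host to permitted subnet": ("192.168.102.10", "172.31.254.5"),
    "echo reply to the switch": ("192.168.102.10", "192.168.102.1"),
    "unrelated addresses ending in .0": ("10.9.8.0", "1.2.3.0"),
}


def report():
    """Verdicts per packet: (posted/wildcard, posted/subnet mask, wildcard form)."""
    return {name: (evaluate(POSTED, s, d, wildcard=True),
                   evaluate(POSTED, s, d, wildcard=False),
                   evaluate(WILDCARD_FORM, s, d, wildcard=True))
            for name, (s, d) in PACKETS.items()}


if __name__ == "__main__":
    for name, verdicts in report().items():
        print(f"{name:34} {verdicts}")
```

In every column the echo reply from 192.168.102.10 to 192.168.102.1 falls through to the implicit deny, because its destination is outside 172.31.254.0/24.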