Hello,
We are trying to set up two N3048 stacked switches and we are having trouble with ACLs. We need to define ACLs on every VLAN and thought that the rules are applied only when a packet is leaving the VLAN or entering it, but we found out that if there is one PC connected to a switch port in a VLAN and we try to create an ACL with a rule allowing ping to this PC, we also need to create a second inbound rule to allow the PC to answer. It looks like the switch is applying inbound ACLs also to packets going from the PC to the switch port. Is that normal?
In this case, if I have a PC with IP 10.1.180.20 in VLAN 5 and I'm trying to ping it from another VLAN (there are no ACLs in the other VLAN), I need to create:
ACL bound to VLAN 5 as inbound:
  rule 1: permit ICMP packets from any to 10.1.180.20
  rule 2: permit ICMP packets from 10.1.180.20 to any
Is it really like that? If I remove the second rule, I'm not able to ping 10.1.180.20 from the other VLAN. On a router I could use something like "permit established connections" instead of the second rule ...
Thank you for your reaction.
Best regards, Oldrich
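The behaviour described in the post can be reproduced with a small stateless ACL evaluator. This is an added illustration, not configuration or code from the original post or from Dell: it models an inbound VLAN ACL as a first-match list with the implicit deny at the end, and evaluates both halves of a ping (the echo request routed into VLAN 5 and the echo reply entering VLAN 5 from the PC's own access port). The pinging host address 10.1.170.10 is a constructed sample value.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str   # "permit" or "deny"
    proto: str    # "icmp", "tcp", "udp" or "ip" (any protocol)
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"


@dataclass
class Packet:
    proto: str
    src: str
    dst: str


def _match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching rule wins; no match hits the implicit deny every ACL ends with."""
    for r in acl:
        if r.proto in ("ip", pkt.proto) and _match(r.src, pkt.src) and _match(r.dst, pkt.dst):
            return r.action
    return "deny"


def ping_outcome(acl: list, pinger: str, target: str) -> tuple:
    """A VLAN inbound ACL is stateless: it is checked on every frame entering the VLAN,
    so the echo request (routed in from the other VLAN) and the echo reply (sent by the
    PC on its access port in this VLAN) are evaluated independently."""
    request = Packet("icmp", pinger, target)
    reply = Packet("icmp", target, pinger)
    return evaluate(acl, request), evaluate(acl, reply)


PC = "10.1.180.20/32"
ONE_RULE = [Rule("permit", "icmp", "any", PC)]                    # rule 1 only
TWO_RULES = ONE_RULE + [Rule("permit", "icmp", PC, "any")]        # rule 1 + rule 2

if __name__ == "__main__":
    pinger = "10.1.170.10"  # constructed host in another VLAN
    print("rule 1 only :", ping_outcome(ONE_RULE, pinger, "10.1.180.20"))
    print("rules 1 + 2 :", ping_outcome(TWO_RULES, pinger, "10.1.180.20"))
```

With rule 1 only the request is permitted but the reply is dropped by the implicit deny, which is why the ping fails until rule 2 is added.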