From: Lovejoy on 10 Nov 2009 15:06

This should be simple, but I am doing something wrong. I need to write a PACL that will only allow established traffic to a switch port. Here is what I have so far:

access-list 101 permit tcp any 192.168.145.250 0.0.0.0 established

int g1/48
ip access-group 101 in

What this gets me is no connectivity with the ACL in place on the interface. It has to be something that is right in my face, that I am missing. Our 4500 can't do NAT, so I have to find a workaround. Suggestions?

TIA
Lovejoy
--
This space for lease....
From: JF Mezei on 10 Nov 2009 19:30

Lovejoy wrote:
> access-list 101 permit tcp any 192.168.145.250 0.0.0.0 established
>
> int g1/48
> ip access-group 101 in
>
> What this gets me is no connectivity with the acl in place on the
> interface.

To get to an "established" state, you need to first exchange a few packets. So you need to get your ACL to permit the packet exchange that will lead to the established state, after which the first line handles the traffic.
From: Lovejoy on 11 Nov 2009 13:36

In article <00a8183d$0$27966$c3e8da3(a)news.astraweb.com>, JF Mezei <jfmezei.spamnot(a)vaxination.ca> wrote:
> Lovejoy wrote:
>
> > access-list 101 permit tcp any 192.168.145.250 0.0.0.0 established
> >
> > int g1/48
> > ip access-group 101 in
> >
> > What this gets me is no connectivity with the acl in place on the
> > interface.
>
> To get to an "established" state, you need to first exchange a few
> packets. So you need to get your ACL to permit the packet exchange that
> will lead to the established state after which, the first line handles
> the traffic.

Thanks for the response. It was my assumption that, since there was no ACL controlling any outbound traffic, ACL 101 would "see" that it was established traffic. Do I need to have an ACL like

access-list 100 permit ip 192.168.145.250 0.0.0.0 any

and apply it in the out direction on the interface?

Thanks
Lovejoy
--
This space for lease....
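As an added illustration of JF Mezei's point (example code, not from the thread): a small Python model of how IOS evaluates ACL 101 against the three segments of a TCP handshake. It assumes a constructed client address 10.0.0.5 and models only the tcp/established subset of the access-list syntax used in this thread.

```python
import ipaddress
from collections import namedtuple

# Constructed model of a TCP segment: addresses plus the set of TCP flag names.
Packet = namedtuple("Packet", "src dst flags")

def wildcard_match(addr, base, wildcard):
    # Cisco wildcard mask: a 1 bit means "don't care"
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def parse_ace(line):
    """Parse the 'access-list <num> <action> tcp SRC DST [established]' form."""
    tok = line.split()
    i = 4                                   # index of the first address token
    def addr():
        nonlocal i
        if tok[i] == "any":                 # 'any' is shorthand for 0.0.0.0 255.255.255.255
            i += 1
            return "0.0.0.0", "255.255.255.255"
        i += 2
        return tok[i - 2], tok[i - 1]
    src, src_wc = addr()
    dst, dst_wc = addr()
    return {"action": tok[2], "src": src, "src_wc": src_wc, "dst": dst,
            "dst_wc": dst_wc, "established": "established" in tok[i:]}

def ace_matches(ace, pkt):
    if not (wildcard_match(pkt.src, ace["src"], ace["src_wc"])
            and wildcard_match(pkt.dst, ace["dst"], ace["dst_wc"])):
        return False
    # 'established' matches only segments with the ACK or RST bit set,
    # so the SYN that opens a new connection never matches this entry
    return not ace["established"] or bool(pkt.flags & {"ACK", "RST"})

def evaluate(acl, pkt):
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"                           # implicit deny ends every IOS ACL

ACL_101 = [parse_ace("access-list 101 permit tcp any 192.168.145.250 0.0.0.0 established")]

def handshake_verdicts(acl=ACL_101, client="10.0.0.5", server="192.168.145.250"):
    """ACL verdict for each segment of a constructed TCP handshake with the server."""
    steps = [("SYN", Packet(client, server, {"SYN"})),
             ("SYN-ACK", Packet(server, client, {"SYN", "ACK"})),
             ("ACK", Packet(client, server, {"ACK"}))]
    return {name: evaluate(acl, p) for name, p in steps}
```

The opening SYN carries neither ACK nor RST, so it falls through to the implicit deny and the connection never reaches the state the established entry would permit.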