I am more confused, Matt!
Keeping the same example, this is what I'd have done:

access-list 5 deny host 5.5.5.5

inter vlan 5
ip address 5.5.5.1 255.255.255.0

interface vlan 6
ip address 6.6.6.1 255.255.255.0
ip access-group 5 in

OR

inter vlan 5
ip address 5.5.5.1 255.255.255.0
ip access-group 5 out

interface vlan 6
ip address 6.6.6.1 255.255.255.0

Patrice Ngassam
Certified Cisco CCNP, CCDP, CCIP
> Date: Sun, 21 Mar 2010 16:59:28 +1100
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [OSL | CCIE_RS] Access-list on Physical vs SVI Interface
>
> It is exactly the same.
>
> Is the traffic you wish to filter passing _through_ the SVI? If so,
> then which direction. Bear in mind that two hosts on the same vlan
> will never pass through the SVI as they never need to query the
> default-gateway.
>
> However, if you have vlan 5 and vlan 6, then to filter the host on
> vlan 5 going to vlan 6 would look like this:
>
> access-list 5 deny host 5.5.5.5
>
> inter vlan 5
> ip address 5.5.5.1 255.255.255.0
> ip access-group 5 in
>
> interface vlan 6
> ip address 6.6.6.1 255.255.255.0
>
> OR
>
> inter vlan 5
> ip address 5.5.5.1 255.255.255.0
>
>
> interface vlan 6
> ip address 6.6.6.1 255.255.255.0
> ip access-group 5 out
>
> HTH
>
> Cheers,
> Matt
>
> CCIE #22386
> CCSI #31207
>
>
> On 21 March 2010 16:46, Jason LeBlanc <[email protected]> wrote:
> > I am slightly confused on the application of IN vs. OUT for the access-list
> > on an SVI interface. Physical interfaces always make sense to me for some
> > reason because I know exactly where they sit and the traffic has to ingress
> > or egress out of them.
> >
> > I have an externally facing 3750 switch and want to allow some external
> > addressing/ports. I have internal addresses that I want to do the same
> > with. Then there is the SVI segment itself (which is virtual so is it
> > inside or outside of the other segments). Finally all of that has to use a
> > physical port at some point in time. Can someone spell out the logic in
> > simple terms so I can get my mind wrapped around it?
> >
> > Thanks in advance!
> >
> > //LeBlanc
> > _______________________________________________
> > For more information regarding industry leading CCIE Lab training, please
> > visit www.ipexpert.com
> >
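
The four ACL placements discussed in this thread can be compared with a small model of how a routed packet crosses the two SVIs. This is an added example, not code from any poster in the thread; the function names, the host addresses 6.6.6.10 and 5.5.5.9, and the trailing_permit switch (standing in for a 'permit any' line that the thread's ACL does not show) are assumptions of the example.

```python
import ipaddress

# The two SVI subnets from the thread.
SVIS = {"vlan5": ipaddress.ip_network("5.5.5.0/24"),
        "vlan6": ipaddress.ip_network("6.6.6.0/24")}

def acl5_permits(src, trailing_permit):
    """access-list 5 from the thread. A standard ACL matches the source only."""
    if ipaddress.ip_address(src) == ipaddress.ip_address("5.5.5.5"):
        return False                      # deny host 5.5.5.5
    # Assumption: trailing_permit models an added 'permit any' line.
    # Without one, the implicit deny at the end of the ACL drops everything else.
    return trailing_permit

def vlan_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in SVIS.items():
        if addr in net:
            return name
    raise ValueError(f"{ip} is outside the modelled VLANs")

def forward(src, dst, bindings, trailing_permit=True):
    """bindings maps an SVI name to the direction ('in'/'out') of 'ip access-group 5'."""
    ingress, egress = vlan_of(src), vlan_of(dst)
    if ingress == egress:
        return "switched in VLAN"         # never reaches the gateway, no ACL runs
    # Routed packet: enters the router through the source VLAN's SVI ('in'),
    # then leaves through the destination VLAN's SVI ('out').
    for svi, direction in ((ingress, "in"), (egress, "out")):
        if bindings.get(svi) == direction and not acl5_permits(src, trailing_permit):
            return f"dropped at {svi} {direction}"
    return "routed"

if __name__ == "__main__":
    # Constructed test packet: host 5.5.5.5 on vlan 5 sending to a host on vlan 6.
    for bindings in ({"vlan5": "in"}, {"vlan6": "out"}, {"vlan6": "in"}, {"vlan5": "out"}):
        print(bindings, "->", forward("5.5.5.5", "6.6.6.10", bindings))
```

Calling forward with trailing_permit=False shows the effect of the ACL exactly as typed in the thread, where every other source is also dropped by the implicit deny.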