Hi,
I'm having some issues with access-lists. (Testing for capabilities)
I have the following setup in a lab (real hardware)
Lab scenario (to use in production eventually)
8230 VSX Cluster 10.09 and a few VLANs, nothing fancy.
vlan100 10.6.6.0/24 client vlan
vlan200 10.5.5.0/24 server vlan
vlan300 10.7.7.0/24 client vlan
I want to restrict traffic to the servers in vlan 200 to only certain devices/IP subnets.
Server on vlan 200 can have all outbound traffic.
I have the following access-list.
# sh access-list ip commands
access-list ip 200-out
10 permit tcp 10.6.6.0/255.255.255.0 any eq rdp count
20 permit icmp 10.6.6.0/255.255.255.0 any count
30 permit icmp 10.7.7.222 any count
interface vlan200
apply access-list ip 200-out routed-out
The ACL works for traffic from the client VLANs to the server VLAN, but outbound (from server to other VLANs) traffic appears to be using the same access-list, and traffic not in the ACL is not working. So I cannot reach clients in vlan 300 (for example), except with ICMP (which is in the ACL).
Tried also both directions (routed-in, routed-out), on a VLAN (VACL) and on a port (PACL), all the same. So I must be missing something / I don't fully understand how access lists work on CX :). Can't find it in any documentation.
So could anyone explain it to me / have any suggestions on how to best solve this scenario?
Thanks very much.
------------------------------
Bob van de Merwe
------------------------------
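The behaviour described in the post is what a stateless ACL does: a `routed-out` ACL on vlan200 is evaluated for every routed packet heading into 10.5.5.0/24, including the replies to sessions the servers themselves opened, and anything not explicitly permitted hits the implicit deny. The script below is an added illustration, not code from the post or from Aruba; it models that evaluation over the ACL quoted above with constructed packets. Assumptions: the `PORT_NAMES` table (rdp = 3389) is hypothetical, the `established` keyword is modelled as "packet carries ACK or RST" and its exact AOS-CX syntax should be checked against the ACL guide, and the direction model is simplified to "a routed-out ACL on vlan200 only sees packets whose destination is in 10.5.5.0/24".

```python
import ipaddress

# Constructed model of stateless ACL evaluation on a routed VLAN interface.
# Added example, not Aruba/AOS-CX code. Assumptions:
#  - PORT_NAMES is a hypothetical service-name table (rdp = 3389).
#  - "established" matches packets carrying ACK or RST (conventional meaning;
#    the exact AOS-CX keyword/syntax is assumed here).
#  - A "routed-out" ACL on vlan200 sees only packets being routed INTO
#    10.5.5.0/24; packets leaving that subnet exit via another VLAN.
PORT_NAMES = {"rdp": 3389, "https": 443, "ssh": 22}
VLAN200 = ipaddress.ip_network("10.5.5.0/24")

# The ACL from the post, verbatim.
ORIGINAL_ACL = """\
access-list ip 200-out
    10 permit tcp 10.6.6.0/255.255.255.0 any eq rdp count
    20 permit icmp 10.6.6.0/255.255.255.0 any count
    30 permit icmp 10.7.7.222 any count
"""

# Same ACL plus one entry admitting only return traffic of sessions the
# servers opened themselves (assumed "established" syntax).
WITH_RETURN_TRAFFIC = ORIGINAL_ACL + \
    "    40 permit tcp any 10.5.5.0/255.255.255.0 established count\n"


def _parse_addr(tok):
    """'any' -> None (wildcard); host or addr/mask -> ip_network."""
    return None if tok == "any" else ipaddress.ip_network(tok, strict=False)


def _parse_port(tokens, i):
    """If tokens[i] is 'eq', return (port, index after it); else (None, i)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        return (PORT_NAMES.get(name) or int(name)), i + 2
    return None, i


def parse_acl(text):
    """Parse 'seq action proto src [eq p] dst [eq p] [established] [count]'."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or not t[0].isdigit():
            continue  # header line such as 'access-list ip 200-out'
        seq, action, proto = int(t[0]), t[1], t[2]
        src = _parse_addr(t[3])
        sport, i = _parse_port(t, 4)
        dst = _parse_addr(t[i])
        dport, i = _parse_port(t, i + 1)
        rules.append(dict(seq=seq, action=action, proto=proto, src=src,
                          sport=sport, dst=dst, dport=dport,
                          established="established" in t[i:]))
    return sorted(rules, key=lambda r: r["seq"])


def matches(rule, pkt):
    if rule["proto"] != pkt["proto"]:
        return False
    for key in ("src", "dst"):
        if rule[key] is not None and ipaddress.ip_address(pkt[key]) not in rule[key]:
            return False
    if rule["sport"] is not None and rule["sport"] != pkt.get("sport"):
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.get("dport"):
        return False
    if rule["established"] and not (pkt.get("flags", set()) & {"ACK", "RST"}):
        return False
    return True


def evaluate(rules, pkt):
    """First-match evaluation; returns (action, seq) or ('deny', None)."""
    for r in rules:
        if matches(r, pkt):
            return r["action"], r["seq"]
    return "deny", None  # implicit deny at the end of every ACL


def routed_out_vlan200(rules, pkt):
    """Verdict for a routed packet given the ACL is applied routed-out on vlan200."""
    if ipaddress.ip_address(pkt["dst"]) not in VLAN200:
        return "permit"  # leaves via another VLAN; this ACL is not consulted
    return evaluate(rules, pkt)[0]


def server_session(acl_text, client="10.7.7.50", server="10.5.5.10", port=443):
    """Outcome of a TCP session a vlan200 server opens to a vlan300 client.
    Returns the verdict for the server's SYN and for the client's SYN-ACK."""
    rules = parse_acl(acl_text)
    # Constructed packets; 49152 stands in for the server's ephemeral port.
    syn = dict(proto="tcp", src=server, sport=49152, dst=client, dport=port, flags={"SYN"})
    syn_ack = dict(proto="tcp", src=client, sport=port, dst=server, dport=49152,
                   flags={"SYN", "ACK"})
    return {"syn": routed_out_vlan200(rules, syn),
            "syn_ack": routed_out_vlan200(rules, syn_ack)}


if __name__ == "__main__":
    print("original ACL:     ", server_session(ORIGINAL_ACL))
    print("with established: ", server_session(WITH_RETURN_TRAFFIC))
```

With the original ACL the server's SYN is forwarded (it never touches the vlan200 routed-out ACL) but the client's SYN-ACK is dropped by the implicit deny, which is exactly the "only ICMP works" symptom. The extra `established` entry admits replies without opening the servers to new inbound connections from vlan300; where the platform offers stateful inspection instead of a TCP-flag match, that is the cleaner option, since an ACK-flag rule cannot distinguish genuine replies from crafted ACK packets.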