Hi,
I have a problem of this kind: two days ago I replaced my 2 core switches configured with HSRP, going from 2 Cisco 4908G to 2 Cisco WS-C3750G-12S.
I copied all the access lists from the old switches to the new ones. Previously the ACLs were applied directly under the virtual interface; now I have applied them directly under the VLAN interface (configured with bridge-group and HSRP). Now I have a problem on some of the VLANs: the ACL applied in the IN direction works, but the ACL applied in the OUT direction doesn't work; as soon as I apply it, it blocks all the traffic.
For example, on one VLAN I have 2 ACLs that must permit only the traffic between the internal LAN X.X.X.X and an external LAN Y.Y.Y.Y on some specified ports, in both directions:
Access-list extended bloom-in
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 gt 8193
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 lt 8199
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 gt 8208
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 lt 8221
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 gt 8290
  permit tcp X.X.X.X 0.0.0.63 Y.Y.Y.Y 0.0.0.255 lt 8295

Access-list extended bloom-out
  permit tcp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 gt 1023
  permit tcp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 lt 5001
  permit tcp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 gt 8193
  permit tcp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 lt 8386
  permit udp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 gt 48128
  permit udp Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63 lt 48138
These ACLs were tested and worked for a long time on the old switches; on the new one, when I apply the ACL bloom-out in the OUT direction, nothing works.
Everything works only if I have as the OUT ACL:
Access-list extended bloom-out
  permit ip any any
And also if I put a rule like this:
Access-list extended bloom-out
  permit ip Y.Y.Y.Y 0.0.0.255 X.X.X.X 0.0.0.63
the traffic is blocked.
Thanks for your help.
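Added here as an editor's example, not part of the original post: a small Python evaluator for extended ACL entries of the kind shown above (wildcard masks, first match wins, implicit deny at the end), so the real scope of each list can be checked independently of the switch. The prefixes 10.0.0.0 0.0.0.63 and 192.0.2.0 0.0.0.255 are constructed stand-ins for X.X.X.X and Y.Y.Y.Y.

```python
import ipaddress

# Constructed sample prefixes standing in for the post's X.X.X.X 0.0.0.63 and Y.Y.Y.Y 0.0.0.255
INTERNAL = "10.0.0.0 0.0.0.63"     # wildcard 0.0.0.63 = a /26, 64 addresses
EXTERNAL = "192.0.2.0 0.0.0.255"   # wildcard 0.0.0.255 = a /24

def wild_match(addr, spec):
    """Cisco wildcard match: mask bits set to 1 are 'don't care' bits."""
    if spec == "any":
        return True
    base, wild = spec.split()
    b, w, a = (int(ipaddress.IPv4Address(x)) for x in (base, wild, addr))
    return (a & ~w & 0xFFFFFFFF) == (b & ~w & 0xFFFFFFFF)

def parse_ace(line):
    """Parse 'permit|deny <proto> <src> <dst> [gt|lt|eq N]'; src/dst are 'any' or 'addr wildcard'."""
    t = line.split()
    ace, i = {"action": t[0], "proto": t[1]}, 2
    for key in ("src", "dst"):
        n = 1 if t[i] == "any" else 2
        ace[key], i = " ".join(t[i:i + n]), i + n
    ace["port"] = (t[i], int(t[i + 1])) if i < len(t) else None   # destination-port operator
    return ace

def evaluate(acl, proto, src, dst, dport):
    """First-match evaluation, ending in the implicit 'deny ip any any'."""
    ops = {"gt": lambda p, v: p > v, "lt": lambda p, v: p < v, "eq": lambda p, v: p == v}
    for ace in acl:
        if ace["proto"] not in ("ip", proto):
            continue
        if not (wild_match(src, ace["src"]) and wild_match(dst, ace["dst"])):
            continue
        if ace["port"] and not ops[ace["port"][0]](dport, ace["port"][1]):
            continue
        return ace["action"]
    return "deny"

def permitted_port_count(acl, proto, src, dst):
    """How many of the 65535 destination ports the ACL permits for one src/dst pair."""
    return sum(evaluate(acl, proto, src, dst, p) == "permit" for p in range(1, 65536))

# The post's two lists, with the constructed prefixes substituted for X and Y
BLOOM_IN = [parse_ace(f"permit tcp {INTERNAL} {EXTERNAL} {op}")
            for op in ("gt 8193", "lt 8199", "gt 8208", "lt 8221", "gt 8290", "lt 8295")]
BLOOM_OUT = [parse_ace(f"permit {pr} {EXTERNAL} {INTERNAL} {op}") for pr, op in (
    ("tcp", "gt 1023"), ("tcp", "lt 5001"), ("tcp", "gt 8193"), ("tcp", "lt 8386"),
    ("udp", "gt 48128"), ("udp", "lt 48138"))]

if __name__ == "__main__":
    # OUT on the VLAN SVI is traffic leaving toward the internal LAN: source is Y, destination is X
    print("bloom-out tcp ports permitted:", permitted_port_count(BLOOM_OUT, "tcp", "192.0.2.5", "10.0.0.10"))
    print("bloom-in  tcp ports permitted:", permitted_port_count(BLOOM_IN, "tcp", "10.0.0.10", "192.0.2.5"))
    print("bloom-out icmp:", evaluate(BLOOM_OUT, "icmp", "192.0.2.5", "10.0.0.10", 0))
```

Because every gt/lt pair in these lists overlaps (for example gt 1023 and lt 5001 together cover ports 1 to 65535), permitted_port_count returns 65535 for both lists: between the two prefixes they permit every TCP (and, for bloom-out, every UDP) destination port, while anything that is not TCP/UDP or falls outside the two prefixes hits the implicit deny.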