We can’t ping the peer device that is directly connected to the switch.
1. As we checked, the customer had configured a global traffic-policy that denied A.A.0.0 and B.B.0.0, so the customer can’t ping the peer side. (A.A.0.0 and B.B.0.0 are the switch’s interface IP addresses.)

<Switch01>display cu | in global
traffic-policy OUTBOUND_ALL global outbound

traffic policy OUTBOUND_ALL match-order config
 classifier VLAN_1_OUT behavior VLAN_1_OUT
 classifier VLAN_3_OUT behavior VLAN_3_OUT
 classifier VLAN_4_OUT behavior VLAN_4_OUT
 classifier VLAN_5_OUT behavior VLAN_5_OUT
 classifier VLAN_2_OUT behavior VLAN_2_OUT
 classifier VLAN_4_OUT behavior VLAN_4_OUT
 classifier VLAN_6_OUT behavior VLAN_6_OUT
 classifier VLAN_8_OUT behavior VLAN_8_OUT
 classifier VLAN_22_OUT behavior VLAN_22_OUT
 classifier ACL_7 behavior ACL_7

acl xxxx
 ……
 rule 130 deny source A.A.0.0 0.0.255.255
 rule 135 deny source B.B.0.0 0.1.255.255
 ……
 rule 200 permit

[Switch01-acl-basic-xxxx]undo rule 130
[SwitchCR01-acl-basic-xxxx]undo rule 135

The customer configured a global traffic-policy that denies traffic that includes the switch’s interface IP address.

Delete the related rules from the ACL.
[Switch01-acl-basic-xxxx]undo rule 130
[Switch01-acl-basic-xxxx]undo rule 135
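
A pre-change check for the root cause above, as an added example that is not part of the original case: it parses basic ACL rules, applies the wildcard masks in ascending rule-ID order (assumed to be the match order), and reports which of the switch's own interface addresses hit a deny rule. The networks, ACL number and interface addresses are constructed stand-ins, because the page masks the real values.

```python
import ipaddress
import re

# Constructed sample: the page masks the real networks as A.A.0.0 and B.B.0.0,
# so 10.10.0.0 and 172.16.0.0 (and ACL number 2000) are stand-ins.
ACL_TEXT = """\
acl 2000
 rule 130 deny source 10.10.0.0 0.0.255.255
 rule 135 deny source 172.16.0.0 0.1.255.255
 rule 200 permit
"""
RULE_RE = re.compile(
    r"^\s*rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)(?:\s+(\S+))?)?\s*$")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_rules(text):
    """Return (rule_id, action, address, wildcard) tuples sorted by rule ID."""
    rules = []
    for m in filter(None, map(RULE_RE.match, text.splitlines())):
        rule_id, action, src, wc = m.groups()
        if src in (None, "any"):
            addr, wild = 0, 0xFFFFFFFF  # no source: the rule matches every packet
        else:
            addr = to_int(src)
            wild = 0 if wc in (None, "0") else to_int(wc)
        rules.append((int(rule_id), action, addr, wild))
    return sorted(rules)

def first_match(rules, ip):
    """Return (rule_id, action) of the first rule that matches ip, else None."""
    value = to_int(ip)
    for rule_id, action, addr, wild in rules:
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if ((value ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return rule_id, action
    return None

def denied_interfaces(acl_text, interface_ips):
    """Map each of the switch's own IPs that hits a deny rule to that rule ID."""
    rules = parse_rules(acl_text)
    matches = {ip: first_match(rules, ip) for ip in interface_ips}
    return {ip: m[0] for ip, m in matches.items() if m and m[1] == "deny"}

if __name__ == "__main__":
    print(denied_interfaces(ACL_TEXT, ["10.10.1.1", "172.17.5.1", "192.168.0.1"]))
```

The wildcard 0.1.255.255 on rule 135 covers two adjacent /16 networks, which is why the constructed address 172.17.5.1 is denied even though the rule names 172.16.0.0.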