07-27-2011 08:39 AM
I'm setting up two vlans and I would like all of vlan 2 to only have access to the WAN router on vlan1 at 192.168.30.1.
VLAN1 192.168.30.x
VLAN2 192.168.31.x
I've set up the VLANs and static routes and I'm able to access the WAN router at 192.168.30.1 from the 192.168.31.x network and everything is fine.
I'm getting an error setting up the IPv4 based ACL that is designed to allow the 192.168.31.x network access to only the 192.168.30.1 WAN router.
The first rule I set up is to permit source 192.168.31.0 / 0.0.0.255 dest 192.168.30.0 / 0.0.0.255 to allow all traffic from the 192.168.31.x net to access the 192.168.30.x net. Then I was going to deny the dest of 192.168.30.1-255 but I'm not sure of the wildcard to use for that.
I'm not clear on the wildcards but I'm also getting the following error when I set up the first ACE rule:
"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."
I suspect the error is related to how I'm using the wildcards?
07-27-2011 10:55 PM
I think I did what you wanted to achieve on my SG300-10P.
I did prioritize my ACE entries from 1 to 3 as the ACL will go through the ACE entries from top to bottom.
I also included a small window with the CLI that was generated from the GUI in case you wish to try the CLI approach.
I hope it's of some help.
regards Dave
07-28-2011 02:58 PM
Thanks Dave, that confirms my wildcards but I still get the same error setting up the first rule.
"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."
I checked the firmware and it was at 1.0.0.27 and the latest from Cisco is 1.1.0.73! Sounds like Cisco has some very old stock in the warehouses. I'm going to try updating the firmware. Not real impressed with the low end from Cisco after this.
07-28-2011 04:15 PM
Hi networking 2011,
It seems to me you may be experiencing a problem by not adding priority to those ACE entries.
Good help text is built into the switch and it says to add a number to the priority field.
Without adding priority you will get the error message below.
See how it goes, this is a new switch for you, but we both have the same firmware and basically the identical switch.
Historically my switch that I have had for about a year now, was running 1.0.0.27 till only a couple of months ago.
We don't release firmware that often, and there were no intermediate releases of firmware between 1.0.0.27 and the new 1.1 release of code.
We unfortunately have no control when a switch will be picked off a distributor's warehouse shelf and shipped to a Cisco Partner or end user.
Do let me know how you go.
regards Dave
07-29-2011 07:27 AM
I was absolutely entering the priority each time I tried a new ACE; the error was fixed after the 1.1.0.73 firmware upgrade.
The switch came with 1.0.0.27 firmware. After updating to 1.1.0.73 I can now add IPv4 based ACL entries without error.
Thanks for your help!
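
Added example, not part of any post in this thread and not output from the switch: a small Python model of wildcard-mask matching and first-match ACE ordering for the VLAN2-to-router restriction discussed above. The rule sets are constructed (the CLI Dave attached is not on the page), the function names are hypothetical, and the implicit deny at the end and the priority-3 permit are assumptions.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    # Wildcard mask: a 1 bit is "don't care", a 0 bit must equal the base.
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def evaluate(acl, src, dst):
    # ACEs are checked in ascending priority; the first match decides.
    for _prio, action, sb, sw, db, dw in sorted(acl):
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"  # assumption: implicit deny when no ACE matches

def shadowed(acl, src, dst):
    # Priorities of ACEs that also match but sit behind the deciding one.
    hits = [p for p, _a, sb, sw, db, dw in sorted(acl)
            if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)]
    return hits[1:]

VLAN2 = ("192.168.31.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")

# Constructed rule set: host match on the router (wildcard 0.0.0.0) first,
# then deny the rest of 192.168.30.x.
ROUTER_ONLY = [
    (1, "permit", *VLAN2, "192.168.30.1", "0.0.0.0"),
    (2, "deny",   *VLAN2, "192.168.30.0", "0.0.0.255"),
    # Assumption: only needed if VLAN2 traffic routed beyond the router
    # (destination outside 192.168.30.x) should still pass.
    (3, "permit", *ANY, *ANY),
]

# Constructed counter-case: the broad /24 permit placed ahead of the deny.
BROAD_FIRST = [
    (1, "permit", *VLAN2, "192.168.30.0", "0.0.0.255"),
    (2, "deny",   *VLAN2, "192.168.30.0", "0.0.0.255"),
]

if __name__ == "__main__":
    src = "192.168.31.20"  # constructed VLAN2 host
    for name, acl in (("ROUTER_ONLY", ROUTER_ONLY), ("BROAD_FIRST", BROAD_FIRST)):
        for dst in ("192.168.30.1", "192.168.30.50", "203.0.113.9"):
            print(name, dst, evaluate(acl, src, dst), shadowed(acl, src, dst))
```

In the `BROAD_FIRST` ordering the deny at priority 2 is never reached for any 192.168.30.x destination, which is why the narrower host entry has to carry the lower priority number.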