SG300-10 ACL entry in layer3 mode

I'm setting up two vlans and I would like all of vlan 2 to only have access to the WAN router on vlan1 at

VLAN1 192.168.30.x

VLAN2 192.168.31.x

I've set up the VLANs and static routes and I'm able to access the WAN router at from the 192.168.31.x network and everything is fine.

I'm getting an error setting up the IPv4 based ACL that is designed to allow the 192.168.31.x network access to only the WAN router.

The first rule I set up is to permit source / dest to allow all traffic to from the 192.168.31. net to access the 192.168.30.x net. Then I was going to deny the dest of but I'm not sure of the wildcard to use for that.

I'm not clear on the wildcards but I'm also getting the following error when I set up the first ACE rule:

"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."

I suspect the error is related to how I'm using the wildcards?

David Hornstein

I think I did what you wanted to achieve on my SG300-10P.

I did prioritize my ACE entries from 1 to 3 as the ACL will go through the ACE entries from top to bottom.

I also included a small window with the CLI that was generated from the GUI in case you wish to try the CLI approach.

I hope it's of some help.

regards Dave
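
The wildcard and priority behaviour discussed in the posts above, as an added example that is not part of the original thread and is not the switch's own code. The router address `192.168.30.1` is a placeholder (the thread does not give it), the three ACEs are constructed for illustration, and dropping traffic that matches no ACE is an assumed default.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """Cisco-style wildcard mask: 1 bits are ignored, 0 bits must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return ((_ip(addr) ^ _ip(base)) & care) == 0

# Placeholder: the thread does not give the WAN router's address.
WAN_ROUTER = "192.168.30.1"
ANY = ("0.0.0.0", "255.255.255.255")
VLAN2 = ("192.168.31.0", "0.0.0.255")
VLAN1 = ("192.168.30.0", "0.0.0.255")

# Constructed ACEs: (priority, action, (src, src_wc), (dst, dst_wc))
ACL_GOOD = [
    (1, "permit", VLAN2, (WAN_ROUTER, "0.0.0.0")),  # host match: wildcard all zeros
    (2, "deny", VLAN2, VLAN1),
    (3, "permit", ANY, ANY),
]
# Same ACEs with the first two priorities swapped.
ACL_MISORDERED = [
    (1, "deny", VLAN2, VLAN1),
    (2, "permit", VLAN2, (WAN_ROUTER, "0.0.0.0")),
    (3, "permit", ANY, ANY),
]

def evaluate(acl, src, dst):
    """Return (action, priority) of the first matching ACE, lowest priority first."""
    for prio, action, (s, swc), (d, dwc) in sorted(acl):
        if wc_match(src, s, swc) and wc_match(dst, d, dwc):
            return action, prio
    return "deny", None  # assumed default when no ACE matches

if __name__ == "__main__":
    for name, acl in (("good", ACL_GOOD), ("misordered", ACL_MISORDERED)):
        for dst in (WAN_ROUTER, "192.168.30.20", "203.0.113.9"):
            print(name, "192.168.31.50 ->", dst, evaluate(acl, "192.168.31.50", dst))
```

With the priorities swapped, the broader deny matches first and the host permit for the router is never reached.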

Thanks Dave, that confirms my wildcards but I still get the same error setting up the first rule.

"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."

I checked the firmware and it was at and the latest from Cisco is! Sounds like Cisco has some very old stock in the warehouses. I'm going to try updating the firmware. Not real impressed with the low end from Cisco after this.

Hi networking 2011,

It seems to me you may be experiencing a problem by not adding priority to those ACE entries.

Good help text is built into the switch and it says to add a number to the priority field.

Without adding priority you will get the error message below.

See how it goes, this is a new switch for you, but we both have the same firmware and basically the identical switch.

Historically my switch that I have had for about a year now, was running till only a couple of months ago.

We don't release firmware that often, and there were no intermediate releases of firmware between and the new 1.1 release of code.

We unfortunately have no control when a switch will be picked off a distributor's warehouse shelf and shipped to a Cisco Partner or end user.

Do let me know how you go.

regards Dave

I was absolutely entering the priority each time I tried a new ACE, the error was fixed after the firmware upgrade.

The switch came with firmware. After updating to I can now add IPv4 based ACL entries without error.

Thanks for your help!
