SG300-10 ACL entry in layer3 mode

Networking2011
Level 1

I'm setting up two vlans and I would like all of vlan 2 to only have access to the WAN router on vlan1 at 192.168.30.1.

VLAN1 192.168.30.x

VLAN2 192.168.31.x

I've set up the VLANs and static routes and I'm able to access the WAN router at 192.168.30.1 from the 192.168.31.x network, and everything is fine.

I'm getting an error setting up the IPv4 based ACL that is designed to allow the 192.168.31.x network access to only the 192.168.30.1 WAN router.

The first rule I set up is to permit source 192.168.31.0 / 0.0.0.255 dest 192.168.30.0 / 0.0.0.255 to allow all traffic from the 192.168.31.x net to access the 192.168.30.x net. Then I was going to deny the dest of 192.168.30.1-255 but I'm not sure of the wildcard to use for that.

I'm not clear on the wildcards, but I'm also getting the following error when I set up the first ACE rule:

"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."

I suspect the error is related to how I'm using the wildcards?

4 Replies

David Hornstein
Level 7

I think I did what you wanted to achieve on my SG300-10P.

I did prioritize my ACE entries from 1 to 3 as the ACL will go through the ACE entries from top to bottom.

I also included a small window with the CLI that was generated from the GUI in case you wish to try the CLI approach.

I hope it's of some help.

regards Dave
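To make the two points in this thread concrete (how a Cisco wildcard mask matches, and why ACE priority matters because the ACL is walked top to bottom), here is an added example that is not from the thread or from Cisco's software: a small Python model of first-match ACL evaluation with the original post's addresses. The `Ace` class, the function names and the implicit deny at the end are my assumptions about how the switch behaves, not something the thread confirms.

```python
import ipaddress
from dataclasses import dataclass
from typing import List


def ip_to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match the base, a 1 bit is 'don't care'.
    0.0.0.0 therefore means 'this exact host', 0.0.0.255 means 'any host in the /24'."""
    w = ip_to_int(wildcard)
    return (ip_to_int(addr) & ~w) == (ip_to_int(base) & ~w)


@dataclass
class Ace:
    priority: int        # lower number is evaluated first (hypothetical model of the GUI field)
    action: str          # "permit" or "deny"
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def evaluate(acl: List[Ace], src: str, dst: str) -> str:
    """First matching ACE wins; assumes an implicit deny when nothing matches."""
    for ace in sorted(acl, key=lambda a: a.priority):
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action
    return "deny"


# Constructed policy for the thread's goal: VLAN2 (192.168.31.x) may reach the WAN
# router 192.168.30.1 and nothing else on VLAN1, but may still pass through the router.
VLAN2_TO_WAN_ONLY = [
    Ace(1, "permit", "192.168.31.0", "0.0.0.255", "192.168.30.1", "0.0.0.0"),
    Ace(2, "deny",   "192.168.31.0", "0.0.0.255", "192.168.30.0", "0.0.0.255"),
    Ace(3, "permit", "192.168.31.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]

# The ordering sketched in the original post: the broad permit comes first, so the
# later deny is shadowed and never matches anything.
SHADOWED_DENY = [
    Ace(1, "permit", "192.168.31.0", "0.0.0.255", "192.168.30.0", "0.0.0.255"),
    Ace(2, "deny",   "192.168.31.0", "0.0.0.255", "192.168.30.0", "0.0.0.255"),
]
```

Note that a range such as 192.168.30.1-255 is not expressible as one wildcard mask (wildcards select bit patterns, not arbitrary ranges); denying the whole /24 after a host-specific permit achieves the same effect.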

Thanks Dave, that confirms my wildcards but I still get the same error setting up the first rule.

"MIB Index is out of range.Index must be bigger then 0 and Existing ifindex.."

I checked the firmware and it was at 1.0.0.27 and the latest from Cisco is 1.1.0.73! Sounds like Cisco has some very old stock in the warehouses. I'm going to try updating the firmware. Not real impressed with the low end from Cisco after this.

Hi Networking2011,

It seems to me you may be experiencing a problem by not adding priority to those ACE entries.

Good help text is built into the switch and it says to add a number to the priority field.

[attachment: Untitled.jpg]

Without adding priority you will get the error message below.

[attachment: Untitled.jpg]

See how it goes; this is a new switch for you, but we both have the same firmware and basically the identical switch.

Historically my switch, which I have had for about a year now, was running 1.0.0.27 till only a couple of months ago.

We don't release firmware that often, and there were no intermediate releases of firmware between 1.0.0.27 and the new 1.1 release of code.

We unfortunately have no control over when a switch will be picked off a distributor's warehouse shelf and shipped to a Cisco Partner or end user.

Do let me know how you go.

regards Dave

I was absolutely entering the priority each time I tried a new ACE; the error was fixed after the 1.1.0.73 firmware upgrade.

The switch came with 1.0.0.27 firmware. After updating to 1.1.0.73 I can now add IPv4 based ACL entries without error.

Thanks for your help!