11-23-2016 04:20 AM
Hello,
I cannot figure this out and hope that someone here will know what the issue could be. We have bought new Cisco switches from the SG500X small business line: we have two core switches, SG500XG-8F8T 16-Port, built as a stack, and an SG500X-48P 48-Port Gigabit with 4-Port 10-Gigabit connected to this stack. I have created an aggregated link between these two switches, two links aggregated together using LACP (mode auto). My config is as follows and is identical on both switches (stack and 48P switch); please see the picture in the attachment.
interface Port-channel1
description Trunk_to_10.5.100.33_Ports_XG1&2
switchport trunk allowed vlan add 10,60,100
switchport trunk native vlan 105
interface tengigabitethernet1/2/14
description Trunk_to_10.5.100.33_Port_XG1/1/1
channel-group 1 mode auto
interface tengigabitethernet2/2/14
description Trunk_to_10.5.100.33_Port_XG1/1/2
channel-group 1 mode auto
Access List applied to interface vlan on core stack:
interface vlan 60
ip address 10.5.60.1 255.255.255.0
service-acl input AccessList_Vlan60
When I create an access list for a certain VLAN interface on our core stack and connect my laptop to the 48P switch to test the access list, it just completely ignores the access list, as if there were no tagging; basically it allows you to go anywhere in that VLAN. If I create a simple trunk between the stack and the 48P switch, port to port, no aggregation, the access list is applied just fine and all is working.
Has anyone seen this before? I have always dealt with Catalyst switches where I have used PAgP and that was working OK every time.
Thank you for your help
Jan
11-23-2016 04:49 AM
Hi Jan
It seems that a similar topic to yours is discussed here. What you can do to reproduce the issue is to change the IP address on your laptop by 1 (to change from an odd to an even number or vice versa). If you are allowed with the current IP, then you should get denied with the changed IP address.
And at the end, if you confirm the same behavior, then I strongly recommend that you open a service request with Support - Small Business Support Center (SBSC) in order to get this bug resolved.
11-23-2016 05:23 AM
Hello Michal,
Thank you very much for your reply. It seems to be the issue!
I would never have believed there could be such a bug. I just went to try it: picked one website, and it worked with an odd IP but didn't with an even IP. I tried a few others, kept changing IPs, and I have to say it's pretty unreliable.
I have the latest firmware on all equipment, and this is quite a problem for us as we have no redundancy when we are forced to use just a simple trunk. We need to have access lists implemented.
Thank you for answering my question
Kind Regards,
Jan
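An added example, not part of the thread: one way to tabulate the odd/even source-IP test described above, so that the evidence attached to a service request is a per-parity count rather than an impression. The probe results, destination addresses and function names are constructed for illustration; only the VLAN 60 subnet is taken from the posted config.

```python
import ipaddress

# Constructed probe log, not from the thread: (laptop source IP in VLAN 60,
# destination, whether the ACL is meant to permit it, whether a reply came back).
PROBES = [
    ("10.5.60.21", "10.5.10.5", False, True),
    ("10.5.60.21", "10.5.100.8", True, True),
    ("10.5.60.22", "10.5.10.5", False, False),
    ("10.5.60.22", "10.5.100.8", True, True),
    ("10.5.60.23", "10.5.10.5", False, True),
    ("10.5.60.24", "10.5.10.5", False, False),
]

def leaks_by_parity(probes):
    """Count, per source-address parity, probes the ACL should block and how many got through."""
    stats = {"odd": {"deny_probes": 0, "leaks": 0},
             "even": {"deny_probes": 0, "leaks": 0}}
    for src, _dst, acl_permits, reached in probes:
        if acl_permits:
            continue  # only traffic the ACL should block can reveal a bypass
        parity = "odd" if int(ipaddress.IPv4Address(src)) % 2 else "even"
        stats[parity]["deny_probes"] += 1
        stats[parity]["leaks"] += int(reached)
    return stats

def verdict(stats):
    """Summarise whether enforcement depends on the parity of the source address."""
    untested = [p for p, s in stats.items() if s["deny_probes"] == 0]
    if untested:
        return "incomplete: no deny probes from " + "/".join(untested) + " sources"
    leaking = [p for p, s in stats.items() if s["leaks"]]
    if not leaking:
        return "enforced"
    if len(leaking) == 1:
        return "parity-dependent: leaks only from " + leaking[0] + " sources"
    return "not enforced for either parity"

if __name__ == "__main__":
    result = leaks_by_parity(PROBES)
    for parity, counts in result.items():
        print(parity, counts)
    print(verdict(result))
```

Running the same probes once over the port-channel and once over the single trunk gives a direct before/after comparison.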
11-23-2016 05:53 AM
Just for your info: I went through all SG500 bugs and I haven't found any bug related to this issue (LAG, VLAN ACL), so the best would be to report this in order to make TAC aware of this issue.
11-23-2016 07:09 AM
Will do.
Thank you for your help.
Jan
05-21-2018 09:03 AM
Me too.
Just in case somebody stumbles over this, I have created a service request 684517426.
06-15-2018 09:59 AM
I worked with the support team and it is a confirmed bug.
The ID is CSCvj91570.
For those with access, you can look it up and follow it here.