11-20-2014 03:02 PM
Hi! I found a bug on SX300 series FW 1.4.0.88 on mac ace wildcard. The problem is, that the mac address mask is not working. Sample: mac access-list extended test permit any 00:13:21:b4:ea:2e 00:00:00:00:00:11 ace-priority 1 exit interface fastethernet2 description test-device service-acl input test will not accept mac addresses from range 00:13:21:b4:ea:00 - 00:13:21:b4:ea:ff. Thanks
11-22-2014 12:36 PM
Hello Peter,
Have you tried entering the command without the "ace-priority 1" keyword?
config t
mac access-list extended test
permit any 00:13:21:b4:ea:2e 00:00:00:00:00:11
exit
interface FastEthernet2
description test-device
service-acl input test
Nagaraja
11-23-2014 02:28 AM
Hello,
yes, i tried with no success.
Also the same problem is on SG500X FW 1.3.7.18 connected to stack with two SG500 switches.
11-23-2014 12:32 PM
Hello Peter,
That is interesting because I am able to put those commands into my SG300 switch and the switch accepts it as entered.
Can you please post the output of the same commands over here?
Nagaraja
11-25-2014 04:43 AM
11-26-2014 04:27 AM
Hi Peter,
One comment, you have to add ACE allowing ARP. ARP resolution is needed for MAC ACL.
permit any ff:ff:ff:ff:ff:ff 00:00:00:00:00:00 2048 0000 ace-priority 30
Regards,
Aleksandra
11-26-2014 05:08 AM
11-26-2014 05:50 AM
Hi Peter,
Yes I can see the same here. It works only for specific MAC address and it would not work for range.
It would be good idea to open ticket with Small Business Team so they can communicate with engineering.
http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
Regards,
Aleksandra
11-26-2014 05:50 AM
11-26-2014 09:13 AM
Hi Peter,
I manged to see the same problem but thank you anyway. Yes if the MAC is matching all works as expected if the MAC is from the range (specified my wildcard mask) the packets are dropped.
Aleksandra
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide