Invalid input error when trying to define a vlan access-map
11-07-2021 05:40 PM
VACL design question Vlan Access map
I have a primary switch connected with 2 secondary switches. They contain vlans 10, 20, 30, 40, 50, and 60. I need vlan 10 to be able to communicate with all the other vlans. I need vlan 20 to be able to communicate with vlans 30 and 40. Vlans 30, 40, 50, and 60 should not be able to communicate with other vlans. My understanding is I need to create access control lists and use VACL access-mapping to apply them. Am I mistaken? When I try to define the access map I get an invalid input error:
SW1(config)#ip access-list extended ALLOW_ALL
SW1(config-ext-nacl)#permit ip any any
SW1(config-ext-nacl)#vlan access-map VACL_10
^
% Invalid input detected at '^' marker.
SW1(config-ext-nacl)#
What am I doing wrong?
Thanks!
Labels: Other Switching

11-08-2021 12:09 AM
Hello,
it looks like you are in the wrong mode:
SW1(config-ext-nacl)#vlan access-map VACL_10
You need to be in global config mode:
SW1(config)#vlan access-map VACL_10
11-08-2021 08:01 AM - edited 11-08-2021 08:02 AM
I changed the mode, now I'm getting an invalid input error with the caret under the 'a' in access-map.
SW1>en
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan access-map VACL_ALLOW
^
% Invalid input detected at '^' marker.
SW1(config)#
Any thoughts?
Thanks!
11-08-2021 08:23 AM
Hello,
what are your options after 'vlan':
SW1(config)#vlan ?
Which switch model and IOS version do you have? Post the output of:
sh ver
11-08-2021 08:36 AM
Struggling trying to figure all this out. Here's the output for SW1#vlan ? ... I tried that earlier but didn't know what to do with the options it presented. Below that is the sh ver.
##### vlan ? options #########
SW1>en
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vlan ?
<1-4094> ISL VLAN IDs 1-1005
SW1(config)#vlan
SW1#sh ver
Cisco IOS Software [Denali], Catalyst L3 Switch Software
(CAT3K_CAA-UNIVERSALK9-M), Version 16.3.2, RELEASE SOFTWARE (fc4)
Technical Support : http://www.cisco.com/techsupport
Copyright(c) 1986 - 2016 by Cisco Systems, Inc.
Compiled Tue 08 - Nov - 16 17:31 by pt_team
Cisco IOS-XE software, Copyright(c) 2005 - 2016 by cisco Systems, Inc.
All rights reserved.Certain components of Cisco IOS - XE software are
licensed under the GNU General Public License("GPL") Version 2.0.The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.You can redistribute and / or modify such
GPL code under the terms of GPL Version 2.0.For more details, see the
documentation or "License Notice" file accompanying the IOS - XE software,
or the applicable URL provided on the flyer accompanying the IOS - XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 4.26, RELEASE
SOFTWARE (P)
test uptime is 7 hours, 33 minutes
Uptime for this control processor is 7 hours, 36 minutes
System returned to ROM by Power Failure
System image file is "flash:/cat3k_caa-universalk9.16.03.02.SPA.bin"
Last reload reason : Power Failure
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found
at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Technology Package License Information :
---------------------------------------------------------------- -
Technology - package Technology - package
Current Type Next reboot
------------------------------------------------------------------
ipservicesk9 Permanent ipservicesk9
cisco WS-C3650-24PS (MIPS) processor (revision N0) with 865815K/6147K bytes
of memory.
Processor board ID FDO2031E1Q6
1 Virtual Ethernet interface
28 Gigabit Ethernet/IEEE 802.3 interface(s)
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo : .
1609272K bytes of Flash at flash : .
0K bytes of at webui : .
Base ethernet MAC Address : 00:50:0F:40:20:D9
Motherboard assembly number : 73-15899-06
Motherboard serial number : FDO20311WHP
Model revision number : N0
Motherboard revision number : A0
Model number : WS-C3650-24PS
System serial number : FDO2031Q0TD
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 28 WS-C3650-24PS 16.3.2 CAT3K_CAA-UNIVERSALK9 BUNDLE
Configuration register is 0x102
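
The segmentation policy from the opening question, turned into per-VLAN VACL configuration. This is an added example, not part of any post in this thread. It assumes an image that accepts `vlan access-map` (the one shown above rejects it), a hypothetical addressing plan of 10.0.n.0/24 for VLAN n, and that "should not communicate with other vlans" means "except where VLAN 10 or 20 is explicitly allowed to reach them".

```python
# Added example: builds VACL config text from the thread's stated policy.
# Assumption (not from the thread): VLAN n uses subnet 10.0.n.0/24.
VLANS = [10, 20, 30, 40, 50, 60]
# Policy as stated in the question: 10 talks to all, 20 also to 30 and 40.
ALLOWED = {10: set(VLANS) - {10}, 20: {30, 40}}


def peers(vlan):
    """Peers of `vlan`, made symmetric: a VACL is stateless, so the
    reply direction has to be permitted on both VLANs involved."""
    out = set(ALLOWED.get(vlan, set()))
    out |= {src for src, dsts in ALLOWED.items() if vlan in dsts}
    return sorted(out - {vlan})


def net(vlan):
    return f"10.0.{vlan}.0 0.0.0.255"  # assumed addressing plan


def vacl_config(vlan):
    """IOS lines for one VLAN: ACL, access map, and the filter binding."""
    acl = f"PERMIT_V{vlan}"
    lines = [f"ip access-list extended {acl}",
             f" permit ip {net(vlan)} {net(vlan)}"]  # intra-VLAN traffic
    for p in peers(vlan):
        lines.append(f" permit ip {net(vlan)} {net(p)}")  # outbound
        lines.append(f" permit ip {net(p)} {net(vlan)}")  # replies/inbound
    # No catch-all drop sequence: a sequence without a match clause would
    # also match non-IP frames such as ARP. IP packets that match no
    # clause are dropped by the map's implicit deny.
    lines += ["exit",  # leave ACL mode: the map is defined in global config
              f"vlan access-map VACL_{vlan} 10",
              f" match ip address {acl}",
              " action forward",
              "exit",
              f"vlan filter VACL_{vlan} vlan-list {vlan}"]
    return lines


if __name__ == "__main__":
    for v in VLANS:
        print("\n".join(vacl_config(v)), end="\n!\n")
```

Each VLAN's ACL lists both directions for every permitted peer, which is why VLAN 30 ends up permitting VLANs 10 and 20 even though the question only states the rule from the other side.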
