Beginner

WS-C2960X ACL issue

I have a WS-C2960X-24PS-L, 15.2(4)E6, C2960X-UNIVERSALK9-M, in a stack.

When I add an object-group to an ACL, like this:

object-group network test_obj
 10.10.233.0 255.255.255.0
interface Vlan2330
 description it_test
 ip address 10.10.233.254 255.255.255.0
 ip access-group test2_in in

ip access-list extended test2_in
 deny ip object-group test_obj any

show ip interface vlan 2330 | include access list
Outgoing access list is not set
Inbound access list is test2_in

All traffic is free. What am I doing wrong?

   

VIP Advisor

Re: WS-C2960X ACL issue

Hi there,

Switches and routers require ACL netmasks to be in wildcard format:

 

!
object-group network test_obj
 10.10.233.0 0.0.0.255
!

 

cheers,

Seb.

 

Beginner

Re: WS-C2960X ACL issue

SW01-CORE(config-network-group)#10.10.233.0 0.0.0.255
Mask 0.0.0.255 is not suported
SW01-CORE(config-network-group)#10.10.233.0 ?
/nn or A.B.C.D Network mask
This is not an ACL body. This is an object-group body.
VIP Mentor

Re: WS-C2960X ACL issue

I am not sure about the wildcard mask...this is the syntax I get:

 

Switch(config-network-group)#192.168.1.0 ?
/nn or A.B.C.D Network mask

 

Either way, try the below:

 

object-group network test_obj
 10.10.233.0 255.255.255.0
object-group network any_any
 range 0.0.0.0 255.255.255.255
interface Vlan2330
 description it_test
 ip address 10.10.233.254 255.255.255.0
 ip access-group test2_in in
!
ip access-list extended test2_in
 deny object-group test_obj object-group any_any

 

Beginner

Re: WS-C2960X ACL issue

SW01-CORE(config)#object-group network any_any
SW01-CORE(config-network-group)#range 0.0.0.0 255.255.255.255
^
% Invalid input detected at '^' marker.

SW01-CORE(config-network-group)#?
Network object group configuration commands:
A.B.C.D Network address of the group members
description Network object group description
exit Exit from object group configuration mode
group-object Nested object group
host Host address of the object-group member
no Negate or set default values of a command

=(
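
The mask-notation mix-up in this thread can be caught offline before a config is pushed. The Python linter below is an added example, not code from any poster or from Cisco. It assumes, per the CLI help quoted in the thread, that `object-group network` members take a network mask, and that literal addresses in ACL entries take a wildcard mask; `test_wild` and the literal-address ACL lines in the sample are constructed.

```python
import ipaddress
import re

# Constructed sample: the thread's names plus hypothetical test_wild and literal-address ACL lines.
SAMPLE_CONFIG = """\
object-group network test_obj
 10.10.233.0 255.255.255.0
object-group network test_wild
 10.10.233.0 0.0.0.255
ip access-list extended test2_in
 deny ip object-group test_obj any
 deny ip 10.10.233.0 255.255.255.0 any
 permit ip 10.10.234.0 0.0.0.255 any
"""

PAIR = re.compile(r"\b(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\b")

def mask_kind(mask):
    """Classify a dotted mask: netmask, wildcard, ambiguous, other or invalid."""
    try:
        value = int(ipaddress.IPv4Address(mask))
    except ValueError:
        return "invalid"
    if value in (0, 0xFFFFFFFF):
        return "ambiguous"                      # valid in either notation
    inverted = value ^ 0xFFFFFFFF
    if (inverted & (inverted + 1)) == 0:        # ones followed by zeros
        return "netmask"
    if (value & (value + 1)) == 0:              # zeros followed by ones
        return "wildcard"
    return "other"                              # non-contiguous bits

def lint(config):
    """Return (line_number, section, problem) for masks in the wrong notation."""
    findings, section = [], None
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("object-group network ", "ip access-list ")):
            section = "acl" if line.startswith("ip ") else "object-group"
        elif section == "object-group" and PAIR.fullmatch(line):
            if mask_kind(line.split()[1]) not in ("netmask", "ambiguous"):
                findings.append((number, section, "member is not a network mask"))
        elif section == "acl" and re.match(r"(\d+\s+)?(permit|deny)\s", line):
            # Drop "host A.B.C.D" first so it is not paired with the next address.
            for _, mask in PAIR.findall(re.sub(r"\bhost\s+\S+", "", line)):
                if mask_kind(mask) == "netmask":
                    findings.append((number, section, "subnet mask in ACL entry"))
        elif not re.match(r"\d|description|host |group-object|remark", line):
            section = None                      # left the object-group / ACL body
    return findings
```

`lint(SAMPLE_CONFIG)` reports line 4 (wildcard inside the object-group) and line 7 (subnet mask inside the ACL); the original poster's configuration produces no findings, so the mask notation there is not what this check would flag.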