12-19-2018 05:24 AM - edited 03-08-2019 04:51 PM
I have a WS-C2960X-24PS-L, 15.2(4)E6 C2960X-UNIVERSALK9-M, in a stack.
When I add an object-group in an ACL, like this:
object-group network test_obj
 10.10.233.0 255.255.255.0
interface Vlan2330
 description it_test
 ip address 10.10.233.254 255.255.255.0
 ip access-group test2_in in
ip access-list extended test2_in
 deny ip object-group test_obj any
show ip interface vlan 2330 | include access list
Outgoing access list is not set
Inbound access list is test2_in
All traffic is free. What am I doing wrong?
12-19-2018 05:55 AM
Hi there,
Switches and routers require ACL netmasks to be in wildcard format:
!
object-group network test_obj
 10.10.233.0 0.0.0.255
!
cheers,
Seb.
12-19-2018 06:01 AM
12-19-2018 06:03 AM
I am not sure about the wildcard mask...this is the syntax I get:
Switch(config-network-group)#192.168.1.0 ?
/nn or A.B.C.D Network mask
Either way, try the below:
object-group network test_obj
 10.10.233.0 255.255.255.0
object-group network any_any
 range 0.0.0.0 255.255.255.255
interface Vlan2330
 description it_test
 ip address 10.10.233.254 255.255.255.0
 ip access-group test2_in in
!
ip access-list extended test2_in
 deny object-group test_obj object-group any_any
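The two replies above disagree on the mask form an object-group entry takes. As an added example (not from the thread or from Cisco), this Python sketch classifies each mask and shows which source addresses an entry would match under each reading; the function names and the sample config are constructed, and it does not model how any particular IOS release parses the line.

```python
import ipaddress
import re

# Constructed sample: the object-group entries posted in the thread.
SAMPLE = """\
object-group network test_obj
 10.10.233.0 255.255.255.0
object-group network test_obj_wildcard
 10.10.233.0 0.0.0.255
object-group network any_any
 range 0.0.0.0 255.255.255.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def mask_form(mask):
    """Return 'netmask', 'wildcard', 'ambiguous' or 'non-contiguous'."""
    m = to_int(mask)
    inv = m ^ 0xFFFFFFFF
    is_net = (inv & (inv + 1)) == 0   # ones then zeros, e.g. 255.255.255.0
    is_wild = (m & (m + 1)) == 0      # zeros then ones, e.g. 0.0.0.255
    if is_net and is_wild:
        return "ambiguous"            # 0.0.0.0 and 255.255.255.255 fit both
    return "netmask" if is_net else "wildcard" if is_wild else "non-contiguous"

def matches(addr, mask, candidate, read_as):
    """Does candidate match addr/mask when the mask is read as the given form?"""
    m = to_int(mask)
    care = m if read_as == "netmask" else m ^ 0xFFFFFFFF  # bits that must be equal
    return (to_int(addr) & care) == (to_int(candidate) & care)

def audit(config):
    """Yield (group, address, mask, form) for each 'A.B.C.D MASK' entry."""
    group = None
    for line in config.splitlines():
        head = re.match(r"object-group network (\S+)", line)
        if head:
            group = head.group(1)
            continue
        entry = re.fullmatch(r"\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s*", line)
        if group and entry:           # 'range' and 'host' lines are skipped
            yield group, entry.group(1), entry.group(2), mask_form(entry.group(2))

if __name__ == "__main__":
    for group, addr, mask, form in audit(SAMPLE):
        for read_as in ("netmask", "wildcard"):
            hit = matches(addr, mask, "10.10.233.5", read_as)
            print(f"{group}: {addr} {mask} ({form}) as {read_as}: 10.10.233.5 match={hit}")
```

A mask read in the wrong form still yields a valid bit pattern, so the entry is accepted but matches a different set of addresses than intended.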
12-19-2018 06:14 AM