Unsolved
April 28th, 2008 16:00
PowerConnect 6248 ACL Problem
Here is my problem. I have multiple VLANs (70, 80, 15, 20, etc.) that need to be able to communicate with VLAN 12 only, and only on ports 10000 and 8192-8198. None of the VLANs should be able to communicate with each other. Also, I need VLAN 70 to be able to communicate with anything on ports 25, 80, 443, 8080, 8081, and I need VLAN 70 to be able to communicate with 10.10.90.0/24 on any port.
Here is the ACL I created for VLAN 12:
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 10000 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8192 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8193 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8194 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8195 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8196 any
access-list backup permit ip 192.168.12.200 0.0.0.0 eq 8197 any
access-list backup deny ip 192.168.12.0 0.0.0.255 any
access-list backup permit ip any any
interface vlan 12
ip access-group backup in
Now for VLAN 70 I created these 2 ACLs:
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq 25 any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq icmp any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq 80 any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq 443 any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq 8080 any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 eq 8081 any
access-list backup70-1 permit ip 10.10.70.0 0.0.0.255 10.10.90.0 0.0.0.255
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 10000
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8192
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8193
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8194
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8195
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8196
access-list backup70 permit ip 10.10.70.0 0.0.0.255 192.168.12.200 0.0.0.0 eq 8197
access-list backup70 deny ip 10.10.70.0 0.0.0.255 any
access-list backup70 permit ip any any
When I try to apply both ACLs to VLAN 70, it says "The maximum number of ACLs reached for this vlan."
Also, if anyone who is more familiar with ACLs could look at my rules to see if I made any mistakes, that would be nice.


bh1633
April 28th, 2008 18:00
62xx switches only support 12 rules per vlan. You have 14. Your ACLs look fine.