10-04-2007 02:31 AM - edited 03-05-2019 06:52 PM
Hello,
When configuring an ACL on a 2950 using wildcard bits, it reports the error below.
HAVC3003(config)#access-list 58 permit 10.2.0.0 255.255.255.0
%Error: The field sets of all the ACEs in an ACL should match
Yet if I configure the same on a 3750 switch, it accepts it happily. The ACL being configured should be for all entries below:
access-list 58 permit 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 255.255.255.0
2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin
Can anyone shed any light please?
rgds
Phil
10-04-2007 02:36 AM
Hello,
Ignore the wildcard on the above, it should read:
HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255
%Error: The field sets of all the ACEs in an ACL should match
access-list 58 permit 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 0.0.0.255
2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin
Can anyone shed any light please?
rgds
Phil
10-04-2007 02:37 AM
Phil,
You need to use wildcard masks with ACLs on a router and not the normal subnet masks.
The ACLs should be:
access-list 58 permit host 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 0.0.0.255
HTH, rate if it does
Narayan
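The subnet-mask-versus-wildcard mix-up described in the reply above, as an added example that is not part of the original thread: a small linter that flags standard ACL entries whose mask field looks like a subnet mask, plus a matcher showing what such a value selects when read as a wildcard. The function names and the sample list (copied from the first post) are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the three entries from the first post in the thread.
SAMPLE_ACL = [
    "access-list 58 permit 10.2.240.1",
    "access-list 58 permit 161.12.20.0 0.0.3.255",
    "access-list 58 permit 10.2.0.0 255.255.255.0",
]

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def looks_like_netmask(mask):
    """True for leading-ones masks such as 255.255.255.0 (not 0.0.0.0)."""
    m = to_int(mask)
    inverted = m ^ 0xFFFFFFFF
    return m != 0 and (inverted & (inverted + 1)) == 0

def wildcard_matches(addr, base, wildcard):
    """Wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def lint_acl(lines):
    """Return (line_no, mask, suggested_wildcard) for suspicious entries."""
    findings = []
    for n, line in enumerate(lines, 1):
        tok = line.split()
        # Only "access-list <n> permit|deny <addr> <mask>" carries a mask field.
        if len(tok) != 5 or tok[0] != "access-list" or tok[3] == "host":
            continue
        if tok[2] not in ("permit", "deny"):
            continue
        mask = tok[4]
        try:
            if looks_like_netmask(mask):
                fix = str(ipaddress.IPv4Address(to_int(mask) ^ 0xFFFFFFFF))
                findings.append((n, mask, fix))
        except ValueError:
            continue  # fifth token is a keyword, not a dotted-quad mask
    return findings

if __name__ == "__main__":
    for n, mask, fix in lint_acl(SAMPLE_ACL):
        print(f"line {n}: {mask} looks like a subnet mask; wildcard is {fix}")
    # Read as a wildcard, 255.255.255.0 ignores the first three octets:
    print(wildcard_matches("10.2.0.77", "10.2.0.0", "255.255.255.0"))
    print(wildcard_matches("192.168.5.0", "10.2.0.0", "255.255.255.0"))
```

Read as a wildcard, `255.255.255.0` no longer describes the 10.2.0.0/24 range: it matches any address whose last octet is 0 and misses hosts such as 10.2.0.77.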
10-04-2007 03:00 AM
Phil,
You need to have consistent masks with the access-lists on the 2950 switches.
Try using the same mask on all the 3 entries and you should be ok.
This is not a problem with 3750 switches.
I did read this somewhere on the CCO but I am not able to find the link.
HTH, rate if it does
Narayan
10-04-2007 03:17 AM
Have a look at this link
HTH
Narayan
10-04-2007 03:38 AM
Hi,
Tried this but it still doesn't want to know:
HAVC3003(config)#no access-list 58
HAVC3003(config)#access-list 58 permit host 10.2.240.1
HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255
%Error: The field sets of all the ACEs in an ACL should match
Any more ideas?
Thanks
Phil
10-04-2007 03:48 AM
Phil,
Can you try the access-list as
access-list 58 permit 10.2.240.0 0.0.0.255
access-list 58 permit 10.2.0.0 0.0.0.255
Narayan
10-04-2007 04:53 AM
Hmmm strange... if you add the wildcard entries first, and then the host addresses it takes them all ok...
HAVC3001(config)#access-list 58 permit 10.2.0.0 0.0.0.31
HAVC3001(config)#access-list 58 permit host 10.4.115.4
HAVC3001(config)#access-list 58 permit host 10.4.115.7
All working OK now - thanks for the help.
Phil