ACL error

phil_carter
Level 1

Hello,

When configuring an ACL on a 2950 using wildcard bits, it reports the following error below.

HAVC3003(config)#access-list 58 permit 10.2.0.0 255.255.255.0

%Error: The field sets of all the ACEs in an ACL should match

Yet if I configure the same on a 3750 switch, it accepts it happily. The ACL being configured should be for all entries below:

access-list 58 permit 10.2.240.1

access-list 58 permit 161.12.20.0 0.0.3.255

access-list 58 permit 10.2.0.0 255.255.255.0

2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin

Can anyone shed any light please?

rgds

Phil

1 Accepted Solution


royalblues
Level 10

Phil,

You need to use wildcard masks with ACLs on a router and not the normal subnet masks.

The ACLs should be

access-list 58 permit host 10.2.240.1

access-list 58 permit 161.12.20.0 0.0.3.255

access-list 58 permit 10.2.0.0 0.0.0.255

HTH, rate if it does

Narayan
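Why the mask direction in the answer above matters, as an added example that is not part of the original thread: in an IOS wildcard a 1 bit means "don't care", so a subnet mask typed in the wildcard position matches a very different set of addresses than intended. The ACE lines are the ones posted in the question; the function names are hypothetical and 192.0.2.0 is a constructed test address.

```python
import ipaddress

FULL = 0xFFFFFFFF

def parse_ace(line):
    """Parse 'access-list N permit|deny [host] ADDR [WILDCARD]' into (addr, wildcard) ints."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACE: {line!r}")
    rest = tok[4:] if tok[3] == "host" else tok[3:]
    if not rest:
        raise ValueError(f"missing address: {line!r}")
    addr = int(ipaddress.IPv4Address(rest[0]))
    # No wildcard given (or the 'host' form) means an exact match: wildcard 0.0.0.0.
    wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return addr, wildcard

def ace_matches(line, ip):
    """Wildcard semantics: a 1 bit is ignored, a 0 bit must equal the ACE address."""
    addr, wildcard = parse_ace(line)
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wildcard & FULL) == 0

def looks_like_subnet_mask(wildcard):
    """True for contiguous 1s then 0s (e.g. 255.255.255.0), excluding 0 and all-ones."""
    inv = ~wildcard & FULL
    return wildcard not in (0, FULL) and (inv & (inv + 1)) == 0

def audit(line):
    """Return (number of addresses matched, corrected line or None) for one ACE."""
    addr, wildcard = parse_ace(line)
    matched = 1 << bin(wildcard).count("1")
    fix = None
    if looks_like_subnet_mask(wildcard):
        tok = line.split()
        tok[-1] = str(ipaddress.IPv4Address(~wildcard & FULL))  # invert the mask
        fix = " ".join(tok)
    return matched, fix

# ACEs exactly as posted in the question.
ACL = [
    "access-list 58 permit 10.2.240.1",
    "access-list 58 permit 161.12.20.0 0.0.3.255",
    "access-list 58 permit 10.2.0.0 255.255.255.0",
]

if __name__ == "__main__":
    for ace in ACL:
        matched, fix = audit(ace)
        print(f"{ace}\n  matches {matched} addresses" + (f"; did you mean: {fix}" if fix else ""))
    print(ace_matches(ACL[2], "192.0.2.0"), ace_matches(ACL[2], "10.2.0.5"))
```

Read as a wildcard, `255.255.255.0` permits every address whose last octet is 0 and excludes the hosts in 10.2.0.0/24 that the entry was meant to cover.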


7 Replies

phil_carter
Level 1

Hello,

ignore the wildcard on the above, it should read:

HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255

%Error: The field sets of all the ACEs in an ACL should match

access-list 58 permit 10.2.240.1

access-list 58 permit 161.12.20.0 0.0.3.255

access-list 58 permit 10.2.0.0 0.0.0.255

2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin

Can anyone shed any light please?

rgds

Phil

Phil,

You need to have consistent masks with the access-lists on the 2950 switches.

Try using the same mask on all the 3 entries and you should be ok.

This is not a problem with 3750 switches.

I did read this somewhere on the CCO but I am not able to find the link.

HTH, rate if it does

Narayan

Hi,

Tried this but it still doesn't want to know:

HAVC3003(config)#no access-list 58

HAVC3003(config)#access-list 58 permit host 10.2.240.1

HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255

%Error: The field sets of all the ACEs in an ACL should match

Any more ideas?

Thanks

Phil

Phil,

Can you try the access-list as

access-list 58 permit 10.2.240.0 0.0.0.255

access-list 58 permit 10.2.0.0 0.0.0.255

Narayan

Hmmm strange... if you add the wildcard entries first, and then the host addresses it takes them all ok...

HAVC3001(config)#access-list 58 permit 10.2.0.0 0.0.0.31

HAVC3001(config)#access-list 58 permit host 10.4.115.4

HAVC3001(config)#access-list 58 permit host 10.4.115.7

All working OK now - thanks for the help.

Phil
