10-04-2007 02:31 AM - edited 03-05-2019 06:52 PM
Hello,
When configuring an ACL on a 2950 using wildcard bits, it reports the following error below.
HAVC3003(config)#access-list 58 permit 10.2.0.0 255.255.255.0
%Error: The field sets of all the ACEs in an ACL should match
Yet if I configure the same on a 3750 switch, it accepts it happily. The ACL being configured should be for all entries below:
access-list 58 permit 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 255.255.255.0
2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin
Can anyone shed any light please?
rgds
Phil
10-04-2007 02:36 AM
Hello,
ignore the wildcard on the above, it should read:
HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255
%Error: The field sets of all the ACEs in an ACL should match
access-list 58 permit 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 0.0.0.255
2950 IOS: c2950-i6q4l2-mz.121-6.EA2a.bin
Can anyone shed any light please?
rgds
Phil
10-04-2007 02:37 AM
Phil,
You need to use wildcard masks with ACLs on a router and not the normal subnet masks.
The ACLs should be
access-list 58 permit host 10.2.240.1
access-list 58 permit 161.12.20.0 0.0.3.255
access-list 58 permit 10.2.0.0 0.0.0.255
HTH, rate if it does
Narayan
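An added example, not part of the original thread: a short Python check showing what a subnet mask typed in the wildcard position actually permits, run over the ACL from the first post. The helper names and the test address 192.168.77.0 are constructed for illustration; the matching rule is the standard IOS wildcard semantics (a 1 bit means "ignore", a 0 bit means "must equal"), and the 2950-specific field-set restriction is not modelled.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def ace_matches(src, base, wildcard="0.0.0.0"):
    """True if src is matched by 'base wildcard' under IOS wildcard semantics."""
    care = ~to_int(wildcard) & 0xFFFFFFFF   # bits that must equal the base address
    return (to_int(src) & care) == (to_int(base) & care)

def looks_like_netmask(mask):
    """True for contiguous ones-then-zeros values such as 255.255.255.0."""
    m = to_int(mask)
    inv = ~m & 0xFFFFFFFF
    # 0.0.0.0 and 255.255.255.255 are valid wildcards (host / any), so skip them
    return m not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0

def lint_standard_acl(lines):
    """Return (line, suggested_wildcard) for entries whose mask looks like a netmask."""
    findings = []
    for line in lines:
        tok = line.split()
        # access-list <n> <permit|deny> <addr> <wildcard>; host/bare entries have no mask
        if len(tok) == 5 and tok[3] != "host" and looks_like_netmask(tok[4]):
            fixed = str(ipaddress.IPv4Address(~to_int(tok[4]) & 0xFFFFFFFF))
            findings.append((line, fixed))
    return findings

# The ACL as entered in the first post of this thread
ACL = [
    "access-list 58 permit 10.2.240.1",
    "access-list 58 permit 161.12.20.0 0.0.3.255",
    "access-list 58 permit 10.2.0.0 255.255.255.0",
]

if __name__ == "__main__":
    for line, fixed in lint_standard_acl(ACL):
        print(f"netmask used as wildcard: {line!r} -> use {fixed}")
    # With the netmask as wildcard, only the last octet is compared:
    print(ace_matches("192.168.77.0", "10.2.0.0", "255.255.255.0"))  # unrelated network
    print(ace_matches("10.2.0.55", "10.2.0.0", "255.255.255.0"))     # intended host
```

With `255.255.255.0` in the wildcard position the entry permits any source whose last octet is 0 and rejects the hosts in 10.2.0.0/24 that it was meant to allow, so the mistake both over-permits and under-permits.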
10-04-2007 03:00 AM
Phil,
You need to have consistent masks with the access-lists on the 2950 switches.
Try using the same mask on all the 3 entries and you should be ok.
This is not a problem with 3750 switches.
I did read this somewhere on the CCO but I am not able to find the link.
HTH, rate if it does
Narayan
10-04-2007 03:17 AM
Have a look at this link
HTH
Narayan
10-04-2007 03:38 AM
Hi,
Tried this but it still doesn't want to know:
HAVC3003(config)#no access-list 58
HAVC3003(config)#access-list 58 permit host 10.2.240.1
HAVC3003(config)#access-list 58 permit 10.2.0.0 0.0.0.255
%Error: The field sets of all the ACEs in an ACL should match
Any more ideas?
Thanks
Phil
10-04-2007 03:48 AM
Phil,
Can you try the access-list as
access-list 58 permit 10.2.240.0 0.0.0.255
access-list 58 permit 10.2.0.0 0.0.0.255
Narayan
10-04-2007 04:53 AM
Hmmm strange... if you add the wildcard entries first, and then the host addresses it takes them all ok...
HAVC3001(config)#access-list 58 permit 10.2.0.0 0.0.0.31
HAVC3001(config)#access-list 58 permit host 10.4.115.4
HAVC3001(config)#access-list 58 permit host 10.4.115.7
All working OK now - thanks for the help.
Phil