SG500 - VLAN ACL problems

Hey All,

I still struggle to get ACLs working with my SG500.

What I want to do is actually easy. The SG500 is configured in L3 mode.

I have two VLANs

VLAN 150 - 10.1.150.0/24

VLAN 50  - 10.1.50.0/24

I just want that traffic from the net 10.1.50.0/24 is not routed to the net 10.1.150.0/24.

I created an ACL with an ACE, selected deny, all ports and set the source to 10.1.50.0 0.0.0.255 and the dest to 10.1.150.0 0.0.0.255. I then bound the ACL to the VLAN 150.

Unfortunately, this is not working. What am I doing wrong?

Thanks and Best Regards

3 REPLIES

Hi,

it looks correct. Maybe the testing is incorrect... what is the default gateway on the PC used for testing? 

Regards,

Aleksandra

Hey Aleksandra,

sorry for the late reply and thanks for your answer. I tested from a system which had an IP address in 10.1.50. and hence the GW was 10.1.50.1. But as already mentioned, I always got an ICMP echo when pinging systems in 10.1.150.X

Hi,

I am sorry but I only noticed now that your ACL should be bound to VLAN 50 rather than 150, as packets with source address in VLAN 50 are seen only on VLAN 50. The other option is to swap the source subnet with the destination subnet in this ACL.

I hope it is clear.

Aleksandra
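
The binding behaviour described in the last reply, as an added example that is not part of the original thread and is not Cisco code: a small Python model in which an ACL bound to a VLAN is consulted only for packets entering the switch on that VLAN. The host addresses are constructed, the function names are hypothetical, and the switch's action for traffic that matches no ACE is deliberately not modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard match: bits set in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# VLAN subnets from the thread.
VLANS = {50: ipaddress.ip_network("10.1.50.0/24"),
         150: ipaddress.ip_network("10.1.150.0/24")}

def ingress_vlan(src):
    """VLAN on which a packet from this source host enters the switch."""
    for vid, net in VLANS.items():
        if ipaddress.ip_address(src) in net:
            return vid
    return None

def first_match(bound_vlan, aces, src, dst):
    """Action of the first matching ACE, or 'no-match'.
    Assumption (from the reply): the ACL only sees packets entering on bound_vlan."""
    if ingress_vlan(src) != bound_vlan:
        return "no-match"
    for action, s, s_wild, d, d_wild in aces:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action
    return "no-match"

def ping_blocked(bound_vlan, aces, a, b):
    """A ping fails if the echo request (a->b) or the echo reply (b->a) is denied."""
    return "deny" in (first_match(bound_vlan, aces, a, b),
                      first_match(bound_vlan, aces, b, a))

# The ACE from the question, and the swapped variant from the last reply.
ACE = [("deny", "10.1.50.0", "0.0.0.255", "10.1.150.0", "0.0.0.255")]
SWAPPED = [("deny", "10.1.150.0", "0.0.0.255", "10.1.50.0", "0.0.0.255")]
PC, SERVER = "10.1.50.10", "10.1.150.20"   # constructed host addresses

if __name__ == "__main__":
    print("original ACE bound to VLAN 150:", ping_blocked(150, ACE, PC, SERVER))
    print("original ACE bound to VLAN 50: ", ping_blocked(50, ACE, PC, SERVER))
    print("swapped ACE bound to VLAN 150: ", ping_blocked(150, SWAPPED, PC, SERVER))
```

In this model the swapped ACE on VLAN 150 stops the ping by dropping the echo reply; the echo request from 10.1.50.0/24 is still delivered, so binding the original ACE to VLAN 50 is the variant that keeps the request itself from being routed.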
