SG500 - VLAN ACL problems

themaggo123 · ‎11-13-2014

Hey All,

is still struggle to get ACLs working with my SG500.

What i want to do is actually easy. The Sg500 is configured in L3 mode.

I have two VLANs

VLAN 150 - 10.1.150.0/24

VLAN 50 - 10.1.50.0/24

i just want that traffic from the net 10.1.50.0/24 is not routed to the net 10.1.150.0/24.

I created an ACL with an ACE, selected deny, all ports and set the source to 10.1.50.0 0.0.0.255 and the dest to 10.1.150.0 0.0.0.255. i then bound the ACL to the VLAN 150.

Unfortunately, this is not working. What do i wrong?

Thanks and Best Regards

Aleksandra Dargiel · ‎11-14-2014

Hi,

it looks correct. Maybe the testing is incorrect... what is the default gateway on the PC used for testing?

Regards,

Aleksandra

themaggo123 · ‎12-05-2014

Hey Aleksandra,

sorry for the late reply and thanks for your anwser. I tested from a system which had an Ip adress in 10.1.50. and hence the GW was 10.1.50.1. But as already mentioned, i got always an Icmp echo when pinging systems in 10.1.150.X

Aleksandra Dargiel · ‎12-05-2014

Hi,

I am sorry but I only noticed now that your ACL should be bound to VLAN 50 rather than 150. As packets with source address in VLAN 50 are seen only on VLAN 50. Other option is to swap source subnet with destination subnet in this ACL.

I hope it is clear.

Aleksandra

SG500 - VLAN ACL problems

Cisco Business Product Family

Cisco Switching Product Family