11-13-2014 01:43 AM
Hey All,
I still struggle to get ACLs working with my SG500.
What I want to do is actually easy. The SG500 is configured in L3 mode.
I have two VLANs
VLAN 150 - 10.1.150.0/24
VLAN 50 - 10.1.50.0/24
I just want traffic from the net 10.1.50.0/24 not to be routed to the net 10.1.150.0/24.
I created an ACL with an ACE, selected deny, all ports, and set the source to 10.1.50.0 0.0.0.255 and the dest to 10.1.150.0 0.0.0.255. I then bound the ACL to VLAN 150.
Unfortunately, this is not working. What am I doing wrong?
Thanks and Best Regards
11-14-2014 06:14 AM
Hi,
It looks correct. Maybe the testing is incorrect... What is the default gateway on the PC used for testing?
Regards,
Aleksandra
12-05-2014 01:19 AM
Hey Aleksandra,
Sorry for the late reply and thanks for your answer. I tested from a system which had an IP address in 10.1.50. and hence the GW was 10.1.50.1. But as already mentioned, I always got an ICMP echo when pinging systems in 10.1.150.X
12-05-2014 05:01 AM
Hi,
I am sorry, but I only noticed now that your ACL should be bound to VLAN 50 rather than 150, as packets with a source address in VLAN 50 are seen only on VLAN 50. The other option is to swap the source subnet with the destination subnet in this ACL.
I hope it is clear.
Aleksandra
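
Added example, not part of the thread and not Cisco code: a small Python model of the three bindings discussed above, showing which ones stop a ping between the two VLANs. It assumes the ACL is evaluated only on the VLAN a packet enters on and that traffic matching no ACE is permitted; the host addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's two VLANs.
VLANS = {50: ipaddress.ip_network("10.1.50.0/24"),
         150: ipaddress.ip_network("10.1.150.0/24")}

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src, dst):
    """First matching ACE decides. ASSUMPTION: unmatched traffic is permitted."""
    for action, s_base, s_wc, d_base, d_wc in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return True

def ingress_vlan(src):
    """A packet enters on the VLAN that holds its source address."""
    addr = ipaddress.ip_address(src)
    return next(v for v, net in VLANS.items() if addr in net)

def routed(bindings, src, dst):
    """ASSUMPTION: only the ACL bound to the ingress VLAN is evaluated."""
    return acl_permits(bindings.get(ingress_vlan(src), []), src, dst)

def ping_succeeds(bindings, a, b):
    """Echo request a->b and echo reply b->a must both be routed."""
    return routed(bindings, a, b) and routed(bindings, b, a)

DENY_50_TO_150 = [("deny", "10.1.50.0", "0.0.0.255", "10.1.150.0", "0.0.0.255")]
DENY_150_TO_50 = [("deny", "10.1.150.0", "0.0.0.255", "10.1.50.0", "0.0.0.255")]
PC, HOST = "10.1.50.20", "10.1.150.30"  # constructed test hosts

def scenarios():
    return {
        "original": ping_succeeds({150: DENY_50_TO_150}, PC, HOST),
        "bind_vlan50": ping_succeeds({50: DENY_50_TO_150}, PC, HOST),
        "swapped_vlan150": ping_succeeds({150: DENY_150_TO_50}, PC, HOST),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: ping {'succeeds' if ok else 'blocked'}")
```

In this model the swapped ACE on VLAN 150 blocks the ping only by dropping the reply: the request from VLAN 50 is still routed into VLAN 150, whereas binding the original ACE to VLAN 50 drops the request itself.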