Wired Intelligent Edge

  • 1.  Extended ACL

    Posted Oct 11, 2016 04:16 AM

    Hi,

    I have a problem with an Extended ACL. I would like the 9 IPs to communicate with each other. Otherwise, the IPs are not allowed to go anywhere else. Take an example from the first switch.

    IPs: 10.60.213.10, 10.60.213.11, 10.60.213.12
    access to
    IPs: 10.60.210.10, 10.60.210.11, 10.60.210.12, 10.60.213.10, 10.60.213.11, 10.60.213.12

    These are 3 remote sites, each connected to the main node via OSPF. For testing I created a gateway in the main node and also permitted it.

    I have specified the gateways of the individual networks. Here is my config:

    ip access-list extended "KasseWaage"
    10 permit ip 10.60.213.10 0.0.0.0 10.60.210.10 0.0.0.0 log
    20 permit ip 10.60.213.10 0.0.0.0 10.60.210.11 0.0.0.0 log
    30 permit ip 10.60.213.10 0.0.0.0 10.60.210.12 0.0.0.0 log
    40 permit ip 10.60.213.11 0.0.0.0 10.60.210.10 0.0.0.0 log
    50 permit ip 10.60.213.11 0.0.0.0 10.60.210.11 0.0.0.0 log
    60 permit ip 10.60.213.11 0.0.0.0 10.60.210.12 0.0.0.0 log
    70 permit ip 10.60.213.12 0.0.0.0 10.60.210.12 0.0.0.0 log
    80 permit ip 10.60.213.12 0.0.0.0 10.60.210.10 0.0.0.0 log
    90 permit ip 10.60.213.12 0.0.0.0 10.60.210.11 0.0.0.0 log
    100 permit ip 10.60.213.10 0.0.0.0 10.60.211.10 0.0.0.0 log
    110 permit ip 10.60.213.10 0.0.0.0 10.60.211.11 0.0.0.0 log
    120 permit ip 10.60.213.10 0.0.0.0 10.60.211.12 0.0.0.0 log
    130 permit ip 10.60.213.11 0.0.0.0 10.60.211.10 0.0.0.0 log
    140 permit ip 10.60.213.11 0.0.0.0 10.60.211.11 0.0.0.0 log
    150 permit ip 10.60.213.11 0.0.0.0 10.60.211.12 0.0.0.0 log
    160 permit ip 10.60.213.12 0.0.0.0 10.60.211.10 0.0.0.0 log
    170 permit ip 10.60.213.12 0.0.0.0 10.60.211.11 0.0.0.0 log
    180 permit ip 10.60.213.12 0.0.0.0 10.60.211.12 0.0.0.0 log
    200 permit ip 10.60.213.10 0.0.0.0 10.60.212.254 0.0.0.0 log
    210 permit ip 10.60.213.11 0.0.0.0 10.60.212.254 0.0.0.0 log
    220 permit ip 10.60.213.12 0.0.0.0 10.60.212.254 0.0.0.0 log
    240 permit ip 10.60.213.10 0.0.0.0 10.60.211.254 0.0.0.0 log
    250 permit ip 10.60.213.10 0.0.0.0 10.60.213.254 0.0.0.0 log
    260 permit ip 10.60.213.11 0.0.0.0 10.60.211.254 0.0.0.0 log
    270 permit ip 10.60.213.11 0.0.0.0 10.60.213.254 0.0.0.0 log
    280 permit ip 10.60.213.12 0.0.0.0 10.60.211.254 0.0.0.0 log
    290 permit ip 10.60.213.12 0.0.0.0 10.60.213.254 0.0.0.0 log
    300 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
    exit

    vlan 1000
    name "KASSEWAAGE-Transfer"
    tagged B15-B16
    ip access-group "KasseWaage" out
    ip address 10.60.213.254 255.255.255.0
    exit

  • 2.  RE: Extended ACL

    Posted Oct 15, 2016 10:38 AM

    You didn't state the problem, but I'd try assigning the access-list in the "in" direction.



  • 3.  RE: Extended ACL

    Posted Oct 25, 2016 07:22 AM

    My problem is that I would like to have a whitelist. Everything I permit is allowed and the rest is forbidden. I tried to test by pinging the shared gateways, but that did not work.
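As an added illustration that is not part of this thread (it is not code from either poster), the script below replays a constructed subset of the posted "KasseWaage" rules through a small first-match ACL evaluator and models the two attachment directions discussed in replies 2 and 3: the list as posted is applied "out" on VLAN 1000, while the reply suggests "in". The direction model is an assumption of the example, not a statement of the switch's documented behaviour: "in" is taken to mean traffic entering the switch from hosts on VLAN 1000 (source in 10.60.213.0/24), "out" routed traffic leaving the switch towards hosts on VLAN 1000 (destination in 10.60.213.0/24). The ping round trip it simulates shows why a whitelist whose sources are all 10.60.213.x never matches anything useful in the "out" direction and drops the echo replies at the deny-all line.

```python
# Added example (not from the forum posters): evaluate the posted ACL syntax
# ("seq action proto src src-mask dst dst-mask [log]") against sample flows and
# model the "in" vs "out" attachment on VLAN 1000. The direction model below is a
# simplification and an assumption of this example.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subset of the "KasseWaage" list from the original post; the
# explicit deny-all at the end is what makes the list a whitelist.
ACL_TEXT = """
ip access-list extended "KasseWaage"
10 permit ip 10.60.213.10 0.0.0.0 10.60.210.10 0.0.0.0 log
20 permit ip 10.60.213.10 0.0.0.0 10.60.210.11 0.0.0.0 log
40 permit ip 10.60.213.11 0.0.0.0 10.60.210.10 0.0.0.0 log
100 permit ip 10.60.213.10 0.0.0.0 10.60.211.10 0.0.0.0 log
200 permit ip 10.60.213.10 0.0.0.0 10.60.212.254 0.0.0.0 log
250 permit ip 10.60.213.10 0.0.0.0 10.60.213.254 0.0.0.0 log
300 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
"""

# From "ip address 10.60.213.254 255.255.255.0" under vlan 1000 in the post.
VLAN_1000 = ipaddress.IPv4Network("10.60.213.0/24")


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str       # "permit" or "deny"
    src: int
    src_mask: int     # ACL mask: a 1 bit means "don't care" (0.0.0.0 = exact host, 255.255.255.255 = any)
    dst: int
    dst_mask: int


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_acl(text: str) -> List[Rule]:
    """Parse the numbered permit/deny lines; the header, 'exit' and a trailing 'log' are skipped."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].isdigit() or parts[1] not in ("permit", "deny"):
            continue
        seq, action, _proto, src, smask, dst, dmask = parts[:7]
        rules.append(Rule(int(seq), action, _ip(src), _ip(smask), _ip(dst), _ip(dmask)))
    return sorted(rules, key=lambda r: r.seq)


def _matches(addr: int, base: int, mask: int) -> bool:
    care = ~mask & 0xFFFFFFFF          # bits that must match
    return (addr & care) == (base & care)


def evaluate(rules: List[Rule], src: str, dst: str) -> Tuple[str, Optional[int]]:
    """First-match evaluation; a packet matching no rule hits the implicit deny (seq None)."""
    s, d = _ip(src), _ip(dst)
    for r in rules:
        if _matches(s, r.src, r.src_mask) and _matches(d, r.dst, r.dst_mask):
            return r.action, r.seq
    return "deny", None


def filtered_by_vlan_acl(direction: str, src: str, dst: str) -> bool:
    """Assumed model: 'in' sees packets sourced from VLAN 1000 hosts, 'out' packets routed to them."""
    if direction == "in":
        return ipaddress.IPv4Address(src) in VLAN_1000
    if direction == "out":
        return ipaddress.IPv4Address(dst) in VLAN_1000
    raise ValueError(f"unknown direction {direction!r}")


def ping_round_trip(rules: List[Rule], direction: str, src: str, dst: str) -> Tuple[bool, List[str]]:
    """Simulate an echo request src->dst and the echo reply dst->src through the stateless ACL."""
    ok, reasons = True, []
    for a, b, leg in ((src, dst, "request"), (dst, src, "reply")):
        if not filtered_by_vlan_acl(direction, a, b):
            reasons.append(f"{leg} {a}->{b}: not filtered by this ACL")
            continue
        action, seq = evaluate(rules, a, b)
        reasons.append(f"{leg} {a}->{b}: {action} (seq {seq if seq is not None else 'implicit'})")
        ok = ok and action == "permit"
    return ok, reasons


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for direction in ("out", "in"):
        for target in ("10.60.210.10", "10.60.212.10"):
            forwarded, why = ping_round_trip(acl, direction, "10.60.213.10", target)
            print(f"[{direction}] ping 10.60.213.10 -> {target}: {'works' if forwarded else 'fails'}")
            for line in why:
                print("   ", line)
```

Run as a script, the "out" case fails on the reply leg (the only rule a 10.60.210.10-sourced packet matches is the deny-all at sequence 300), while the "in" case permits the whitelisted request at sequence 10 and never sees the reply, so the ping completes; a destination that is not whitelisted, such as 10.60.212.10, is still dropped in the "in" direction, which is the whitelist behaviour the thread asks for.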