Re: Extended ACL

Hi,

I have a problem with an Extended ACL. I would like to communicate the 9 IPs with each other. Otherwise, the IPs are nowhere to go. Take an example from the first switch.

IPs: 10.60.213.10, 10.60.213.11, 10.60.213.12
access to
IPs: 10.60.210.10, 10.60.210.11, 10.60.210.12, 10.60.213.10, 10.60.213.11, 10.60.213.12

These are, respectively, 3 out-points which are connected via the main node via OSPF. For testing I have a gateway in the main node created this also released.

I have specified the gateways of the individual networks. Here my config

ip access-list extended "KasseWaage"
10 permit ip 10.60.213.10 0.0.0.0 10.60.210.10 0.0.0.0 log
20 permit ip 10.60.213.10 0.0.0.0 10.60.210.11 0.0.0.0 log
30 permit ip 10.60.213.10 0.0.0.0 10.60.210.12 0.0.0.0 log
40 permit ip 10.60.213.11 0.0.0.0 10.60.210.10 0.0.0.0 log
50 permit ip 10.60.213.11 0.0.0.0 10.60.210.11 0.0.0.0 log
60 permit ip 10.60.213.11 0.0.0.0 10.60.210.12 0.0.0.0 log
70 permit ip 10.60.213.12 0.0.0.0 10.60.210.12 0.0.0.0 log
80 permit ip 10.60.213.12 0.0.0.0 10.60.210.10 0.0.0.0 log
90 permit ip 10.60.213.12 0.0.0.0 10.60.210.11 0.0.0.0 log
100 permit ip 10.60.213.10 0.0.0.0 10.60.211.10 0.0.0.0 log
110 permit ip 10.60.213.10 0.0.0.0 10.60.211.11 0.0.0.0 log
120 permit ip 10.60.213.10 0.0.0.0 10.60.211.12 0.0.0.0 log
130 permit ip 10.60.213.11 0.0.0.0 10.60.211.10 0.0.0.0 log
140 permit ip 10.60.213.11 0.0.0.0 10.60.211.11 0.0.0.0 log
150 permit ip 10.60.213.11 0.0.0.0 10.60.211.12 0.0.0.0 log
160 permit ip 10.60.213.12 0.0.0.0 10.60.211.10 0.0.0.0 log
170 permit ip 10.60.213.12 0.0.0.0 10.60.211.11 0.0.0.0 log
180 permit ip 10.60.213.12 0.0.0.0 10.60.211.12 0.0.0.0 log
200 permit ip 10.60.213.10 0.0.0.0 10.60.212.254 0.0.0.0 log
210 permit ip 10.60.213.11 0.0.0.0 10.60.212.254 0.0.0.0 log
220 permit ip 10.60.213.12 0.0.0.0 10.60.212.254 0.0.0.0 log
240 permit ip 10.60.213.10 0.0.0.0 10.60.211.254 0.0.0.0 log
250 permit ip 10.60.213.10 0.0.0.0 10.60.213.254 0.0.0.0 log
260 permit ip 10.60.213.11 0.0.0.0 10.60.211.254 0.0.0.0 log
270 permit ip 10.60.213.11 0.0.0.0 10.60.213.254 0.0.0.0 log
280 permit ip 10.60.213.12 0.0.0.0 10.60.211.254 0.0.0.0 log
290 permit ip 10.60.213.12 0.0.0.0 10.60.213.254 0.0.0.0 log
300 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit

vlan 1000
name "KASSEWAAGE-Transfer"
tagged B15-B16
ip access-group "KasseWaage" out
ip address 10.60.213.254 255.255.255.0
exit