
Help with ACL on 5308 Switch

 
A Sidoti
Occasional Contributor


Hi,

I have read many threads here relating to ACL and I need some clarification. I have attached a text file showing the ACL 101, how the ACL is applied to Vlan30 and finally the output from a Syslog dump. My questions are,

Is it true that this switch is 'Stateless' when it comes to using ACL?

If so then am I correct in that the Syslog output shows that return traffic is not getting 'out' from the Vlan that I have applied it to?
Do I need to add another ACL like "access-list 50 permit any" and apply it to Vlan30 with the filter for 'out', i.e., ip access-group 50 out?

Have I gone about this the right way? I am happy to have any feedback on how to do this better.

Many thanks in advance
cenk sasmaztin
Honored Contributor

Re: Help with ACL on 5308 Switch

Hi,
What do you want to do with ACL 101 on VLAN 30?
cenk

Jarret Workman
HPE Pro

Re: Help with ACL on 5308 Switch

Hello A Sidoti,

Looking at the ACL, there is not a permit statement for 10.100.30.0 and the ACL is applied inbound on vlan 30. As a result, the implicit deny any any at the end of the ACL is blocking 10.100.30.0 traffic.

When I think about inbound versus outbound, I look at it as if I am standing inside the switch. So in this case, your ACL is applied inbound on vlan 30 and is blocking any traffic coming in on the ports configured in vlan 30.

Depending on your end goal, it should be simple enough to just add a line to your existing ACL to permit ip 10.100.30.0 0.0.0.255 0.0.0.0 255.255.255.255.

Hope that helps.

Regards,

Jarret
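A small model of the behaviour described in the reply above, added here as an example and not part of the original thread or of any HPE tooling. It evaluates packets arriving inbound on VLAN 30 against an ACL by first match with wildcard masks, ending in the implicit deny; the first ACL entry and the sample addresses are constructed, because the attached ACL 101 is not shown in the thread.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Wildcard-mask match: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, src, dst):
    """Evaluate one packet on its own (no connection state).

    Returns (action, index of the matching entry), or ("deny", None)
    when nothing matches and the implicit deny any any applies.
    """
    for index, (action, s_base, s_wild, d_base, d_wild) in enumerate(acl):
        if matches(src, s_base, s_wild) and matches(dst, d_base, d_wild):
            return action, index
    return "deny", None

# Constructed stand-in for ACL 101: it only names another subnet as source,
# so nothing sourced from 10.100.30.0/24 can match it inbound on VLAN 30.
ACL_BEFORE = [
    ("permit", "10.100.10.0", "0.0.0.255", "10.100.30.0", "0.0.0.255"),
]

# Same ACL plus the line suggested in the reply:
# permit ip 10.100.30.0 0.0.0.255 0.0.0.0 255.255.255.255
ACL_AFTER = ACL_BEFORE + [
    ("permit", "10.100.30.0", "0.0.0.255", "0.0.0.0", "255.255.255.255"),
]

# Constructed packets entering the switch on VLAN 30 ports: (source, destination).
INBOUND_ON_VLAN30 = [
    ("10.100.30.25", "10.100.10.5"),   # VLAN 30 host answering another subnet
    ("10.100.30.40", "203.0.113.9"),   # VLAN 30 host to an outside address
    ("192.0.2.77", "10.100.10.5"),     # source outside VLAN 30's subnet
]

def report(acl):
    """Return the action taken for each sample inbound packet."""
    return [evaluate(acl, src, dst)[0] for src, dst in INBOUND_ON_VLAN30]

if __name__ == "__main__":
    print("before:", report(ACL_BEFORE))
    print("after: ", report(ACL_AFTER))
```
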


A Sidoti
Occasional Contributor

Re: Help with ACL on 5308 Switch

Hi,

Thanks for the reply. I will change the ACL to add the network 10.100.30.0/24. I will let you know how it goes tonight.