Dealing with ACL limitations on Catalyst 2950 switch

Discussion in 'Cisco' started by Michael T. Davis, Sep 20, 2012.

  1. I have a Catalyst 2950 switch here running IOS v12 Enhanced Image.
    As you know (if you have dealt with this particular line), while there is
    ACL support, it's rather limited. I would like to set an incoming ACL on
    a port (the switch's uplink) such that telnet (TCP port 23) and SNMP (UDP
    port 161) are allowed from a particular external /26 subnet. The IP
    address for the switch lies within a different /26 subnet. At the same
    time, we need to allow all other traffic through this port. Conceptually,
    the (extended IP) ACL would look something like this:

    permit tcp <ext-subnet> 0.0.0.63 <int-subnet> 0.0.0.63 eq telnet
    deny tcp any any eq telnet
    permit udp <ext-subnet> 0.0.0.63 <int-subnet> 0.0.0.63 eq snmp
    deny udp any any eq snmp
    permit ip any <int-subnet> 0.0.0.63

    Is there a way to implement this without encountering the limitations of
    the ACL support in this switch, as indicated by the error...

    %Error: The field sets of all the ACEs in an ACL on Ethernet interface
    should match.

    ...when an attempt to apply the ACL to an interface is made? (I guess the
    last ACE could use "...any any" rather than "...any <int-subnet> 0.0.0.63",
    if that helps.)

    Thanks,
    Mike
     
    Michael T. Davis, Sep 20, 2012
    #1
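
Added example, not part of the original post: a small Python check that groups the ACEs of the ACL above by the fields they match on, to show which entries differ. It assumes a "field set" means the source wildcard, the destination wildcard, and which L4 destination-port field is compared (an assumed reading of the error message, not confirmed by the post), and it substitutes constructed documentation-range subnets for `<ext-subnet>` and `<int-subnet>`.

```python
# Constructed sample: the ACL from the post, with documentation-range
# subnets standing in for <ext-subnet> and <int-subnet>.
ACL = """\
permit tcp 192.0.2.0 0.0.0.63 198.51.100.64 0.0.0.63 eq telnet
deny tcp any any eq telnet
permit udp 192.0.2.0 0.0.0.63 198.51.100.64 0.0.0.63 eq snmp
deny udp any any eq snmp
permit ip any 198.51.100.64 0.0.0.63
"""

def _take_wildcard(tokens):
    """Consume one address spec and return its wildcard mask."""
    head = tokens.pop(0)
    if head == "any":
        return "255.255.255.255"
    if head == "host":
        tokens.pop(0)          # discard the host address itself
        return "0.0.0.0"
    return tokens.pop(0)       # head was the address; next is the wildcard

def field_set(ace):
    """Fields an ACE matches on, ignoring the values compared.
    Assumption: (src wildcard, dst wildcard, L4 port field)."""
    tokens = ace.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError(f"not an ACE: {ace!r}")
    src = _take_wildcard(tokens)
    dst = _take_wildcard(tokens)
    if tokens and (tokens[0] != "eq" or len(tokens) != 2):
        raise ValueError(f"only a destination 'eq <port>' is handled: {ace!r}")
    l4 = f"{proto}-dport" if tokens else None
    return (src, dst, l4)

def group_by_field_set(acl_text):
    """Map each distinct field set to the 1-based ACE numbers using it."""
    groups = {}
    aces = [l.strip() for l in acl_text.splitlines() if l.strip()]
    for n, ace in enumerate(aces, 1):
        groups.setdefault(field_set(ace), []).append(n)
    return groups

if __name__ == "__main__":
    for fs, aces in group_by_field_set(ACL).items():
        print(f"ACEs {aces}: src_wc={fs[0]} dst_wc={fs[1]} l4={fs[2]}")
```

Under that assumption each of the five ACEs lands in its own group, and changing the last ACE to `any any` still leaves five groups.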