-
3Com 4500G ACL issues
I currently have a lab that is on its own VLAN. This lab needs to have access to ports 80 and 443 only, but my main network needs to have full access to the server on this network, 172.16.253.2/24.
I have the following ACL on my core routed switch. It was working, but now it has just stopped; I can no longer access the server at all. Can someone help me, please?
Here's the ACL:
acl number 3100
rule 0 permit tcp source 172.16.253.2 0 destination 10.0.0.0 0.255.255.255
rule 1 permit tcp source 10.0.0.0 0.255.255.255 destination 172.16.253.2 0
rule 5 permit tcp source 172.16.253.0 0.0.0.255 destination 10.69.0.1 0 destination-port eq www
rule 10 permit tcp source 172.16.253.0 0.0.0.255 destination 10.69.0.1 0 destination-port eq 443
rule 15 deny ip source 172.16.253.0 0.0.0.255 destination 10.0.0.0 0.255.255.255
From what I can tell, the lab computers aren't able to access anything on the network except computers on their own subnet and the internet, so that part is working fine, but I need to be able to access the server from anywhere on our 10.0.0.0 network.
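To make the behaviour of the ACL above concrete, here is an added example (not code from the original post or from 3Com): a small Python model that parses the five rules exactly as posted, matches them with Comware-style wildcard masks in rule-number order (match-order config, the default), and reports which rule a given flow hits. The lab and 10/8 host addresses other than those in the post are constructed, and treating traffic that matches no rule as forwarded is an assumption about the packet-filter default on this platform.

```python
"""Evaluate the Comware-style advanced ACL from the post as a first-match
packet filter. Added example; not from the original thread."""
import ipaddress

# Comware port keywords the posted ACL uses (www = 80).
PORT_NAMES = {"www": 80}

# Rules transcribed from the post. "0" is Comware shorthand for wildcard 0.0.0.0 (exact host).
ACL_3100 = """
rule 0 permit tcp source 172.16.253.2 0 destination 10.0.0.0 0.255.255.255
rule 1 permit tcp source 10.0.0.0 0.255.255.255 destination 172.16.253.2 0
rule 5 permit tcp source 172.16.253.0 0.0.0.255 destination 10.69.0.1 0 destination-port eq www
rule 10 permit tcp source 172.16.253.0 0.0.0.255 destination 10.69.0.1 0 destination-port eq 443
rule 15 deny ip source 172.16.253.0 0.0.0.255 destination 10.0.0.0 0.255.255.255
"""


def _expand_wildcard(wc):
    return "0.0.0.0" if wc == "0" else wc


def wildcard_match(addr, base, wildcard):
    """Wildcard (inverse) mask: a 1 bit means 'don't care', a 0 bit must match."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


def parse_rule(line):
    """rule <n> <permit|deny> <proto> [source A W] [destination B W] [destination-port eq P]"""
    t = line.split()
    if t[0] != "rule":
        raise ValueError(f"not a rule: {line!r}")
    rule = {"number": int(t[1]), "action": t[2], "proto": t[3],
            "src": ("0.0.0.0", "255.255.255.255"),  # omitted source/destination = any
            "dst": ("0.0.0.0", "255.255.255.255"),
            "dport": None}
    i = 4
    while i < len(t):
        if t[i] == "source":
            rule["src"] = (t[i + 1], _expand_wildcard(t[i + 2])); i += 3
        elif t[i] == "destination":
            rule["dst"] = (t[i + 1], _expand_wildcard(t[i + 2])); i += 3
        elif t[i] == "destination-port" and t[i + 1] == "eq":
            rule["dport"] = PORT_NAMES.get(t[i + 2]) or int(t[i + 2]); i += 3
        else:
            raise ValueError(f"unsupported keyword {t[i]!r} in {line!r}")
    return rule


def parse_acl(text):
    rules = [parse_rule(ln) for ln in text.strip().splitlines() if ln.strip()]
    return sorted(rules, key=lambda r: r["number"])  # match-order config: by rule number


def evaluate(rules, proto, src, dst, dport=None):
    """Return (action, rule_number) of the first matching rule, or ("permit", None)
    when nothing matches. Assumption: a Comware port packet-filter forwards unmatched
    traffic, which is why the posted ACL needs the explicit deny in rule 15."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != proto:
            continue
        if not wildcard_match(src, *r["src"]) or not wildcard_match(dst, *r["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return r["action"], r["number"]
    return "permit", None


if __name__ == "__main__":
    rules = parse_acl(ACL_3100)
    # Constructed sample flows; hosts other than those in the post are made up.
    flows = [
        ("tcp", "172.16.253.50", "10.69.0.1", 443),  # lab PC -> web server, HTTPS
        ("tcp", "172.16.253.50", "10.1.2.3", 22),    # lab PC -> anything else on 10/8
        ("tcp", "10.1.2.3", "172.16.253.2", 3389),   # main network -> lab server
        ("udp", "172.16.253.2", "10.1.1.1", 53),     # lab server -> DNS on 10/8
        ("icmp", "172.16.253.2", "10.1.2.3", None),  # lab server's ping reply toward 10/8
    ]
    for f in flows:
        print(f, "->", evaluate(rules, *f))
```

Running it shows the part that is easy to miss when reading the rules by eye: rules 0 and 1 only cover TCP, so UDP and ICMP from 172.16.253.2 toward 10/8 fall through to rule 15 and are denied. The server can accept TCP sessions from the main network, but it cannot, for instance, answer a ping or send a DNS query in that direction.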
-
I haven't read the ACL in depth, but are the servers/network you're trying to access on the default VLAN 1?
VLAN 1 is only for management of the switches (once you start adding additional VLANs) and is not accessible from any other VLAN.
You may have to create an additional VLAN for 172.16.253.2/24 and another for the 10.0.0.0 network.
Also, you have to apply the ACL rule(s) to the appropriate port(s) on the switch.
-
Yes, as stated, the lab is on its own VLAN, VLAN 666 to be exact (this lab has Macs in it and I'm not much of a Mac person).
-
Can you tell us on which interface you placed this ACL? Knowing 3Com 5500s, it makes a huge difference.
bio..
-
I have applied it to Gig 1/0/51. All of the lab traffic comes across this port. I wanted to apply it to the VLAN, but the switch doesn't have the commands available to do that. What's even stranger is that it was working for two months.