
Can't apply TCP rule to VLAN ACL on 5400 Series

  • 1.  Can't apply TCP rule to VLAN ACL on 5400 Series

    Posted Aug 26, 2022 09:07 AM

    So I've done this a ton of times, but I seem to have stumped myself.

    I have an ACL that is for my remote camera system. I want to allow communication within the internal network over port TCP 4100.

    There are some other things in the ACL, but this is mainly for networking/switch management. All of that is working fine; it's just the TCP line #9 that doesn't seem to work. To clarify, the VLANs I'm trying to connect from have no ACLs applied to them, so the issue isn't in the inbound traffic. If I apply an implicit permit any any rule to the start of this ACL the traffic works, so I know it's isolated to this rule.

    ip access-list extended "DVR-VLAN30"
    2 permit ip
    3 permit ip
    8 permit ip
    9 permit tcp eq 4100
    10 permit ip
    20 permit ip
    30 permit ip
    50 deny ip
    55 deny tcp
    60 deny ip
    65 deny udp
    90 permit ip

    At first I had this rule applied to the VLAN as "ip access-group "DVR-VLAN30" in".

    However, I read somewhere that I should try to apply it using "vlan" instead of "in". From my understanding it's interchangeable, and it seems to work identically to "in".

    vlan 30
    name "DVR"
    untagged A3-A4,B10,J24
    ip helper-address
    ip helper-address
    ip address
    ip access-group "DVR-VLAN30" vlan
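The following is an added illustration, not part of the original post and not the switch's own logic. It is a small first-match ACL evaluator in Python that shows why a TCP entry with a single port comparator can permit one direction of a connection and silently miss the other. The addresses (192.0.2.0/24 for the DVR VLAN, 198.51.100.25 for a management station) are constructed, and the example assumes ProCurve-style placement semantics for the comparator: an "eq" after the source address matches the packet's source port, an "eq" after the destination address matches its destination port. Whether that is the cause of the problem in the post cannot be told from the redacted rule; the example only shows how to check it.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    seq: int
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any IP protocol; "tcp"/"udp" match only that protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    src_port: Optional[int] = None   # assumption: an "eq" placed after the source address
    dst_port: Optional[int] = None   # assumption: an "eq" placed after the destination address


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


ANY = ipaddress.IPv4Network("0.0.0.0/0")
DVR_NET = ipaddress.IPv4Network("192.0.2.0/24")   # constructed: the DVR/camera VLAN


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field the rule constrains agrees with the packet."""
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in rule.src:
        return False
    if ipaddress.IPv4Address(pkt.dst) not in rule.dst:
        return False
    if rule.src_port is not None and pkt.sport != rule.src_port:
        return False
    if rule.dst_port is not None and pkt.dport != rule.dst_port:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching entry decides; no match falls through to the implicit deny."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if matches(rule, pkt):
            return rule.action, rule.seq
    return "deny", None


# Entry 9 written for the *request* direction: client -> DVR, destination port 4100.
REQUEST_ACL = [Rule(9, "permit", "tcp", ANY, DVR_NET, dst_port=4100)]

# Entry 9 written for the *reply* direction: DVR -> client, source port 4100.
REPLY_ACL = [Rule(9, "permit", "tcp", DVR_NET, ANY, src_port=4100)]

# Constructed packets: the client's SYN to the DVR and the DVR's reply.
REQUEST = Packet("tcp", "198.51.100.25", "192.0.2.10", sport=51000, dport=4100)
REPLY = Packet("tcp", "192.0.2.10", "198.51.100.25", sport=4100, dport=51000)


def check_both_directions(acl: List[Rule]) -> dict:
    """Evaluate the same ACL against both halves of the TCP exchange."""
    return {"request": evaluate(acl, REQUEST), "reply": evaluate(acl, REPLY)}


if __name__ == "__main__":
    # An ACL applied inbound on the DVR VLAN sees the DVR's replies, not the client's requests.
    for name, acl in (("request-direction ACL", REQUEST_ACL), ("reply-direction ACL", REPLY_ACL)):
        print(name, check_both_directions(acl))
```

Run the block and compare the two dictionaries: the request-direction ACL permits the SYN but drops the DVR's reply, while the reply-direction ACL does the opposite. When an ACL is bound inbound on a VLAN it only ever sees packets entering the switch from that VLAN's ports, so the entry has to be written for that side of the exchange; a `show statistics` style hit counter on the entry is the quickest on-box confirmation of which direction is actually being matched.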