Security

Can someone please explain why our user role is not matching the subnet ID? The subnet ID we are trying to allow is 10.24.32.0 /21



 

The host we were testing access to is 10.24.38.2, which should be a part of the 10.24.32.0 /21 subnet

 

However in our testing we found that if we adjust the subnet mask to /18 it does allow the traffic. How is the switch interpreting the subnet ID and subsequent user role policy?

can you show the resulting policy from the switch?

show port-access clients detailed​

Original Message:
Sent: Jan 16, 2023 08:00 AM
From: Vinshinkel
Subject: DUR profile Acl Not Blocking Correctly

Can someone please explain why our user role is not matching the subnet ID? The subnet ID we are trying to allow is 10.24.32.0 /21





The host we were testing access to is 10.24.38.2, which should be a part of the 10.24.32.0 /21 subnet



However in our testing we found that if we adjust the subnet mask to /18 it does allow the traffic. How is the switch interpreting the subnet ID and subsequent user role policy?