Dealing with ACL limitations on Catalyst 2950 switch

I have a Catalyst 2950 switch here running IOS v12 Enhanced Image. As you know (if you have dealt with this particular line), while there is ACL support, it's rather limited. I would like to set an incoming ACL on a port (the switch's uplink) such that telnet (TCP port 23) and SNMP (UDP port 161) are allowed from a particular external /26 subnet. The IP address for the switch lies within a different /26 subnet. At the same time, we need to allow all other traffic through this port. Conceptually, the (extended IP) ACL would look something like this:

permit tcp 0.0.0.63 0.0.0.63 eq telnet
deny tcp any any eq telnet
permit udp 0.0.0.63 0.0.0.63 eq snmp
deny udp any any eq snmp
permit ip any 0.0.0.63

Is there a way to implement this without encountering the limitations of the ACL support in this switch, as indicated by the error...

%Error: The field sets of all the ACEs in an ACL on Ethernet interface should match.

...when an attempt to apply the ACL to an interface is made? (I guess the last ACE could use "...any any" rather than "...any 0.0.0.63", if that helps.)

Thanks, Mike

Michael T. Davis
