
N7 ACL Issue


Robert_Lawrence
New Contributor
I've been asked to create a VLAN that will be used for a guest wireless network. I need to be able to access only the DHCP server on VLAN1 from this new VLAN. I'm trying to create an access-list on our Enterasys N7 Platinum that will do this. Here is what I have so far:

Vlan 1 - 10.50.0.0 255.255.128.0
Vlan 200 (New Vlan) - 10.51.0.0 255.255.252.0

On the N7:

interface vlan 1
 ip address 10.50.2.1 255.255.128.0
 no shutdown

interface vlan 200
 ip address 10.51.0.1 255.255.252.0
 ip helper-address 10.50.1.30
 no shutdown

access-list 123 permit udp any range 67 68 any
access-list 123 deny ip any 10.51.0.0 0.0.3.255 10.50.0.0 0.0.127.255
access-list 123 permit ip any any

When I apply this outbound to interface vlan 200, it allows all traffic. I was under the impression (coming from a Cisco background) that once a rule in an access list has been processed, it stops there. So, for instance, shouldn't any traffic denied by the second part of this access list be denied regardless of the last line of this access-list?

I've been struggling with this for a few days and would greatly appreciate any advice you guys could throw my way.
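
Added example, not part of the original post and not Enterasys code: a small Python model of Cisco-style first-match evaluation with wildcard masks, run over the three entries of access-list 123. It assumes the extra "any" in the deny line is dropped and that the port range on the first entry is a source-port match; the sample packets are constructed, and the model covers only the rule logic, not how the N7 applies an ACL by direction.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # "any" written as address + wildcard

# access-list 123 from the post. Assumption: the stray "any" in the deny
# entry is dropped so it reads "deny ip <source> <destination>".
ACL_123 = [
    {"action": "permit", "proto": "udp", "src": ANY, "dst": ANY,
     "src_ports": range(67, 69)},                      # range 67 68
    {"action": "deny", "proto": "ip",
     "src": ("10.51.0.0", "0.0.3.255"), "dst": ("10.50.0.0", "0.0.127.255")},
    {"action": "permit", "proto": "ip", "src": ANY, "dst": ANY},
]

def wildcard_match(addr, base, wildcard):
    """Bits set to 1 in the wildcard are ignored when comparing addresses."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def evaluate(acl, pkt):
    """Return (action, entry number) of the first matching entry.

    Evaluation stops at the first match; a packet that matches nothing
    falls through to the implicit deny and returns ("deny", None).
    """
    for index, rule in enumerate(acl, start=1):
        if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
            continue
        if "src_ports" in rule and pkt.get("sport") not in rule["src_ports"]:
            continue
        if (wildcard_match(pkt["src"], *rule["src"])
                and wildcard_match(pkt["dst"], *rule["dst"])):
            return rule["action"], index
    return "deny", None

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "relayed DHCP to server": {"proto": "udp", "src": "10.51.0.1",
                               "dst": "10.50.1.30", "sport": 67},
    "guest to VLAN 1 host": {"proto": "tcp", "src": "10.51.1.20",
                             "dst": "10.50.3.10", "sport": 50000},
    "guest to outside host": {"proto": "tcp", "src": "10.51.1.20",
                              "dst": "192.0.2.10", "sport": 50001},
    "source just past /22": {"proto": "tcp", "src": "10.51.4.1",
                             "dst": "10.50.3.10", "sport": 50002},
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {evaluate(ACL_123, pkt)}")
```

Under first-match semantics the guest-to-VLAN 1 packet stops at entry 2 and never reaches the final permit, while an address outside the 0.0.3.255 wildcard falls through to entry 3.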

10 REPLIES

Andre_Brits_Kan
Contributor II
Hi Robert

To use ACLs is fine, but I would recommend utilizing Policy and Policy Manager to quickly and easily create what you require.