Link to home
Start Free TrialLog in
Avatar of Ali77
Ali77

asked on

%Error: The field sets of all the ACEs in an ACL on Ethernet interface should match.

Hello,

I am able to use

ip access-list extended SERVER-07
permit ip host 172.16.7.1 host 172.16.7.0 0.0.0.12

but the same time, I can't any more of the following list.

permit ip host 172.16.7.1 host 172.16.10.7
permit ip host 172.16.7.1 host 172.16.10.8
permit ip host 172.16.7.1 host 172.16.13.2
permit ip host 172.16.7.1 host 172.16.13.3

Got Error.

%Error: The field sets of all the ACEs in an ACL on Ethernet interface should match.
Please refer to the Software Configuration Guide to understand one mask restrict ion for ACLs on Ethernet interface.

Even
permit ip host 172.16.7.1 host 172.16.10.7 0.0.0.0 OR
permit ip host 172.16.7.1 host 172.16.10.7 0.0.0..2 OR
permit ip host 172.16.7.1 host 172.16.10.7 0.0.0.10

does not work,
I have to use
permit ip host 172.16.7.1 host 172.16.10.7 0.0.0.12
same as of the first one.

I also tried to make two access list and assign both on the interface but it assign only one.

https://www.experts-exchange.com/questions/24101014/How-to-Add-More-ACE's-in-the-ACL-to-avoid-Out-of-Rule-Resources-Error.html


Any comments, How to resolve.
Avatar of ionut_mir
ionut_mir
Flag of Romania image

One error that I see in your config is:

if you out host 172.16.10.7 - this already implies that it has an wildcard mask of 0.0.0.0 - so you don't need another wildcard.

So, in you SERVER07 access-list remove the "0.0.0.12" wildcard.
ASKER CERTIFIED SOLUTION
Avatar of Ali77
Ali77

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial