IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit
I'm trying to figure out how come I can't seem to add a switch ACL rule.
I have 4 active ACL rules and when I try to turn on the 1st rule, I get the message - IP-Port Group cannot be applied in Switch ACL because its port count exceeds the ACL limit.
All firmware is up-to-date for every component.
The client setup is as follows:
Router - ER8411 v1.0
Controller - OC300 1.0 (with Controller Version 5.14.26.23)
Switch - TL-SG3210XHP-M2 v1.0
APs - EAP 683UR x 4 units
I have a similar ACL configuration at another site using OC200, ER605 and TL-SG2210MP and all 5 rules work and can be enabled on the switch.
Appreciate if anyone with a similar setup can assist me.
Much thanks
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Does anyone have anything on this? I'm sure I cannot be the only one facing this...
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
Run the CLI.
Related commands can be, for extra details, please see the CLI User Guide.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
Thank you for the reply and for the CLI suggestion.
However, may I know what I am looking for in the first place?
Your suggestion doesn't explain why 5 ACLs work in one setting and not in another when the hardware specification is even higher.
The screenshot below is the same 5 ACL rules of the following setup
ER605 v2.0
OC200 v2.0 (controller version 5.14.26.23)
TL-SG2210MP v3.0
- Copy Link
- Report Inappropriate Content
Thanks for posting in our business forum.
WiFi_Done_Right wrote
Hi @Clive_A
Thank you for the reply and for the CLI suggestion.
However, may I know what I am looking for in the first place?
Your suggestion doesn't explain why 5 ACLs work in one setting and not in another when the hardware specification is even higher.
The screenshot below is the same 5 ACL rules of the following setup
ER605 v2.0
OC200 v2.0 (controller version 5.14.26.23)
TL-SG2210MP v3.0
Is that completely identical ACL for the identical subnet and CIDR? Note that the rule does not mean it is the same codes behind the scenes.
I mean, I created a rule, exactly the same as site A(subnet 192.168.0.1/24). I am on site B while I have a subnet of 192.168.0.1/16. This cannot be the same thing.
Same rule from the GUI level, but not the same thing behind the scenes.
Try this command: sh sdm prefer used
- Copy Link
- Report Inappropriate Content
Hi @Clive_A
Yes, I am using identical subnets and CIDR, just a different site with higher grade hardware.
The subnets are as follows:
1) 192.168.0.1/24 (Admin LAN)
2) 192.168.10.1/24 (guest),
3) 192.168.20.1/24 (team 1)
4) 192.168.30.1/24 (team 2)
5) 192.168.40.1/24 (team 3)
Unfortunately I cannot access the client site to link up with the switch and perform CLI at the moment.
Are there any steps I can try remotely via the Omada controller?
I have attempted to reset the switch yesterday and re-did the ACLs all over again but still face the same issue.
- Copy Link
- Report Inappropriate Content
Hi @Clive_A Any feedback on this? Would like to know if this is a software or hardware limitation.
- Copy Link
- Report Inappropriate Content
@WiFi_Done_Right Did you get anywhere on this? I'm facing the same issue.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 444
Replies: 7
Voters 0
No one has voted for it yet.