The number of ACL rules has reached the limit
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @Hank21
Glad to know I am nowhere near the limit on ACL rules for the switch.
Here's my config:
Rule 3/4 are the reverse of each other. All other rules are unidirectional.
So since I'm well within the 32 rules 😁, what could be the problem?
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hello @Hank21
Nice to know, thanks.
Upon showing all the ACL using the terminal, holy molly, there's a LOT of ACL rules.
I've got 14 "combined access list" which corresponds to the 14 "enabled" rules in Omada.
However, each combined list have loads of rules. For example, the first one have 336 rules in it.
So now I am confused by the specs where it says max 32 ACL rules. So what is considered as a "rule" then?
- Copy Link
- Report Inappropriate Content
Hi @MwaItou,
Did you use the Command "show access-list status" via CLI?
Could you share a screenshot of the list on the CLI page with us?
The port and protocol you choose when setting up an ACL will both affect the ACL resource calculation, have you tried using the Gateway ACL?
- Copy Link
- Report Inappropriate Content
So I guess I would hit the combined ACL limit by creating other rules.
For this ACL rule in Omada
I get this combined ACL result:
TL-SG2218#show access-list
Combined access list 1000 name: "ACL_1000"
rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 2 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 3 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 4 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 5 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 6 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 7 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 8 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 9 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 10 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 11 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 12 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 13 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 14 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 15 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 16 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 17 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 18 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 19 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 20 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 21 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 22 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 23 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 24 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 25 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
rule 26 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
rule 27 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
rule 28 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
rule 29 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 30 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 31 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 32 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 33 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 34 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 35 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 36 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 37 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 38 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 39 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 40 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 41 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 42 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 43 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 44 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 45 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 46 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 47 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 48 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 49 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 50 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 51 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 52 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 53 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
rule 54 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
rule 55 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
rule 56 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
rule 57 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 58 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 59 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 60 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 61 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 62 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 63 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
rule 64 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 65 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 66 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 67 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 68 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 69 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 70 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
rule 71 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 72 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 73 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 74 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 75 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 76 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 77 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
rule 78 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 79 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 80 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 81 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 82 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 83 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 84 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
rule 85 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 86 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 87 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 88 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 89 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 90 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 91 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
rule 92 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 93 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 94 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 95 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 96 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 97 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 98 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
rule 99 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 100 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 101 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 102 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 103 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 104 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 105 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
rule 106 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 107 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 108 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 109 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 110 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 111 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 112 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
rule 113 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 114 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 115 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 116 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 117 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 118 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 119 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
rule 120 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 121 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 122 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 123 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 124 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 125 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 126 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
rule 127 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 128 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 129 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 130 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 131 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 132 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 133 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
rule 134 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 135 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 136 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 137 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 138 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 139 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 140 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
rule 141 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 142 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 143 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 144 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 145 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 146 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 147 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
rule 148 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 149 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 150 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 151 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 152 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 153 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 154 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
rule 155 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 156 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 157 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 158 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 159 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 160 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 161 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
rule 162 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 163 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 164 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 165 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 166 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 167 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 168 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
rule 169 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 170 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 171 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 172 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 173 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 174 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 175 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
rule 176 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 177 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 178 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 179 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 180 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 181 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 182 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
rule 183 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 184 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 185 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 186 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 187 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 188 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 189 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
rule 190 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 191 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 192 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 193 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 194 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 195 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 196 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
rule 197 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 198 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 199 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 200 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 201 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 202 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 203 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
rule 204 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 205 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 206 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 207 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 208 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 209 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 210 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
rule 211 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 212 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 213 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 214 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 215 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 216 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 217 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
rule 218 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 219 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 220 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 221 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 222 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 223 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 224 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
rule 225 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 226 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 227 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 228 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 229 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 230 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 231 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
rule 232 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 233 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 234 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 235 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 236 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 237 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 238 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
rule 239 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 240 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 241 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 242 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 243 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 244 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 245 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
rule 246 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 247 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 248 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 249 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 250 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 251 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 252 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
rule 253 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 254 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 255 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 256 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 257 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 258 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 259 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
rule 260 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 261 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 262 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 263 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 264 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 265 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 266 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
rule 267 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 268 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 269 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 270 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 271 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 272 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 273 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
rule 274 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 275 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 276 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 277 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 278 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 279 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 280 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
rule 281 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 282 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 283 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 284 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 285 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 286 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 287 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
rule 288 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 289 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 290 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 291 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 292 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 293 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 294 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
rule 295 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 296 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 297 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 298 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 299 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 300 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 301 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
rule 302 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 303 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 304 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 305 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 306 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 307 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 308 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
rule 309 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 310 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 311 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 312 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 313 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 314 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 315 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
rule 316 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 317 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 318 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 319 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 320 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 321 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 322 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
rule 323 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 324 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 325 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 326 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 327 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 328 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 329 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
rule 330 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 331 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 332 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 333 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 334 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 335 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
rule 336 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
And here's the profile group used:
Other "combined" access rules are not that huge compared to this one.
The reason I need this rule is because I disable all network communication between VLANS and since AdGuard is in a VLAN, I need it to allow DNS and DHCP to come through.
I would use the gateway but last time I tried I found it quite limiting since I can't specify ports.
By using a gateway rule, would it be used if the switch determines that it does not need to go to the switch since communication would be port-to-port direct within the switch?
- Copy Link
- Report Inappropriate Content
Hello @MwaItou,
For now, the Gateway ACL does not support you to choose the IP-Port, but the switch does offer that option. If you want to replace a rule from the Switch ACL with the Gateway ACL, you can choose one to delete and add the DNS-related rule in the Switch ACL as your image shows. By the way, the protocol you selected resulted in the generation of multiple ACL rules. However, if you choose 'All' for the Protocol, it will generate only one rule. Just thought you should know.
- Copy Link
- Report Inappropriate Content
Thanks for the tip about the protocol. Didn't know that indeed.
Not sure though what you meant in the first part of your reply.
Also, do you know if the switch will use a gateway ACL rule defined to deny access between VLAN? I am thinking that since two devices connected to the switch won't use the gateway as it is not needed since a direct switch connection can be made.
- Copy Link
- Report Inappropriate Content
Hi @MwaItou,
The Gateway ACL is available and active only for the Omada Router, and the Swtich ACL will be active only on the switch devices.
- Copy Link
- Report Inappropriate Content
Ok, so then having a gateway ACL preventing clients from connecting between VLAN would only work if each client is connected to a gateway port then?
If they are physically connected to switch ports then the ACL won't even be used?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1394
Replies: 10
Voters 0
No one has voted for it yet.