Configuring directed broadcast IP ACL - Metasys - LIT-12012458 - Field Device - 13.0

Metasys IP Networks for BACnet/IP Controllers Technical Bulletin

Brand: Metasys
Document type: Technical Bulletin
Document number: LIT-12012458
Version: 13.0
Revision date: 2023-10-23
Product status: Active
Language: English

If directed broadcasts are configured between VLANs as described in Configuring virtual local area networks (VLANs), an IP ACL must be applied to the SVI of the VLAN receiving the directed broadcasts. The directed broadcast IP ACL restricts the accepted directed broadcasts to only those sent by the network engine(s) in the other Metasys BACnet/IP network VLANs.

The following steps are required to configure the directed broadcast IP ACL on a Cisco managed switch. Named ACLs are not supported for this purpose, so numbered ACLs are used. ACLs with multiple entries are created through stand-alone commands instead of sub-commands.

Table 1. Configuring a directed broadcast IP ACL on a Cisco managed switch

| Configuration step | Cisco IOS CLI command |
| --- | --- |
| 1. Enter global configuration mode. | `Switch# configure terminal` |
| 2. Create an IP ACL for the SVI which receives directed broadcasts. In this example, the ACL ID is 101 and 192.168.5.6 is the IP address of the network engine in the other VLAN. | `Switch(config)# access-list 101 permit udp host 192.168.5.6 any eq 47808` |
| 3. Accept broadcasts from a second network engine. | `Switch(config)# access-list 101 permit udp host 192.168.5.7 any eq 47808` |
| 4. Exit global configuration mode. | `Switch(config)# exit` |
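
The following Python check is an added example and not part of the Metasys bulletin. It parses the two ACL 101 entries from Table 1, reports any permit entry that is not tied to a single source host and UDP port 47808, and evaluates sample packets with first-match and implicit-deny semantics. The function names and the `LOOSE_ACL` entry are constructed for illustration.

```python
import ipaddress
import re

BACNET_PORT = 47808  # UDP port matched by the ACL entries in Table 1
# Parses only: udp, "host <ip>" or "any" source, "any" destination, optional "eq <port>".
ENTRY = re.compile(r"(permit|deny)\s+udp\s+(?:host\s+(\S+)|any)\s+any(?:\s+eq\s+(\d+))?$")

def parse_acl(config, acl_id):
    """Return (entries, findings) for one numbered ACL in pasted CLI text."""
    entries, findings = [], []
    prefix = f"access-list {acl_id} "
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a "Switch(config)#" prompt
        if not line.startswith(prefix):
            continue
        m = ENTRY.match(line[len(prefix):].strip())
        try:
            src = ipaddress.ip_address(m.group(2)) if m and m.group(2) else None
        except ValueError:
            m = None  # malformed host address: report it as unparsed
        if not m:
            findings.append(f"unparsed entry: {line}")
            continue
        action, port = m.group(1), int(m.group(3)) if m.group(3) else None
        entries.append((action, src, port))
        if action == "permit" and src is None:
            findings.append(f"permits any source: {line}")
        if action == "permit" and port != BACNET_PORT:
            findings.append(f"not limited to UDP {BACNET_PORT}: {line}")
    return entries, findings

def evaluate(entries, src_ip, dst_port):
    """First matching entry wins; a packet matching no entry is denied."""
    src_ip = ipaddress.ip_address(src_ip)
    for action, src, port in entries:
        if (src is None or src == src_ip) and (port is None or port == dst_port):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

# The two entries from Table 1, as they appear on the page.
PAGE_ACL = """\
Switch(config)# access-list 101 permit udp host 192.168.5.6 any eq 47808
Switch(config)# access-list 101 permit udp host 192.168.5.7 any eq 47808
"""
# Constructed entry (not from the page) that the audit should flag.
LOOSE_ACL = PAGE_ACL + "Switch(config)# access-list 101 permit udp any any eq 47808\n"

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_ACL), ("loose", LOOSE_ACL)):
        print(name, parse_acl(cfg, 101)[1])
```

With the page's two entries, only 192.168.5.6 and 192.168.5.7 are permitted on UDP 47808; any other source falls through to the implicit deny.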