This post is more than 5 years old
14 Posts
0
27902
PowerConnect M6220 ACL issues
Hello, got a pair of PowerConnect M6220 blade switches, pretty much the same as 6224
I am trying to apply acls to interface, and I am unable to do so.
Here is what I am trying to do:
coresw(config)#access-list internet-out deny ip any 10.0.0.0 255.0.0.0
coresw(config)#access-list internet-out permit every
coresw(config-if-Gi1/0/17)#ip access-group internet-out out
Error processing ACL.
coresw(config-if-Gi1/0/17)#
<190> MAR 25 00:37:12 10.128.101.1-1 DRIVER[126512544]: broad_acl.c(1611) 4 %% ACL not applied to port 134217728
There are no other ACLs in this switch or on any interface on the switch.
As you can see, this is a 2 line acl from the 90's which refuses to work. Basically what I am trying to do is filter out any local ip traffic.
Am I doing something wrong here? According www.dell.com/.../pwcnt_IP_ACLs.pdf I can filter destination in egress.
Any help is appreciated, thank you.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
March 28th, 2016 12:00
I was able to test this on a M6220 and can confirm the behavior you are seeing is a hardware limitation. The IP based ACL cannot be applied Egress. You should have no problems applying Ingress.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
March 25th, 2016 08:00
I don't have access to an M6220, but I was able to test this on a 6248 and 7024, and the the ACL applied without any error. Are you able to apply the ACL ingress without any error messages?
Looking through the firmware release notes.
dell.to/1RpUrD9
I noticed the following.
"Binding an IP ACL as out bound to an interface, via Web UI, does not generate an error message. Furthermore, the config gets applied to the interface as an inbound ACL. When the same action is done via CLI, an error message is generated and the config is not applied."
This could be an indicator that IP based ACLs cannot be applied egress on an interface. Maybe test applying a MAC based ACL egress. What firmware is the switch on?
MrRack
14 Posts
0
March 25th, 2016 08:00
It is running the latest 5.1.9.4 firmware.
I am suspecting a hardware issue, because I simply cannot apply that acl.
And it's a simple 1 line ACL
console#show version
System Description................ Dell Ethernet Switch
System Up Time.................... 0 days, 06h:19m:57s
System Contact....................
System Name.......................
System Location...................
Burned In MAC Address............. D067.E5D0.8A2E
System Object ID.................. 1.3.6.1.4.1.674.10895.3015
System Model ID................... PCM6220
Machine Type...................... PowerConnect M6220
unit image1 image2 current-active next-active
---- ----------- ----------- -------------- --------------
1 5.1.9.4 image1 image1
console#