Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

MrRack

14 Posts

27885

March 24th, 2016 16:00

PowerConnect M6220 ACL issues

Hello, got a pair of PowerConnect M6220 blade switches, pretty much the same as 6224

I am trying to apply acls to interface, and I am unable to do so.
Here is what I am trying to do:

coresw(config)#access-list internet-out deny ip any 10.0.0.0 255.0.0.0
coresw(config)#access-list internet-out permit every

coresw(config-if-Gi1/0/17)#ip access-group internet-out out

Error processing ACL.

coresw(config-if-Gi1/0/17)#

<190> MAR 25 00:37:12 10.128.101.1-1 DRIVER[126512544]: broad_acl.c(1611) 4 %% ACL not applied to port 134217728


There are no other ACLs in this switch or on any interface on the switch.
As you can see, this is a 2 line acl from the 90's which refuses to work. Basically what I am trying to do is filter out any local ip traffic.
Am I doing something wrong here? According www.dell.com/.../pwcnt_IP_ACLs.pdf I can filter destination in egress.

Any help is appreciated, thank you.

Anonymous

5 Practitioner

 • 

274.2K Posts

March 28th, 2016 12:00

I was able to test this on a M6220 and can confirm the behavior you are seeing is a hardware limitation. The IP based ACL cannot be applied Egress. You should have no problems applying Ingress.

Anonymous

5 Practitioner

 • 

274.2K Posts

March 25th, 2016 08:00

I don't have access to an M6220, but I was able to test this on a 6248 and 7024, and the the ACL applied without any error. Are you able to apply the ACL ingress without any error messages?

Looking through the firmware release notes.

dell.to/1RpUrD9

I noticed the following.

"Binding an IP ACL as out bound to an interface, via Web UI, does not generate an error message. Furthermore, the config gets applied to the interface as an inbound ACL. When the same action is done via CLI, an error message is generated and the config is not applied."

This could be an indicator that IP based ACLs cannot be applied egress on an interface. Maybe test applying a MAC based ACL egress. What firmware is the switch on?

MrRack

14 Posts

March 25th, 2016 08:00

It is running the latest 5.1.9.4 firmware.

I am suspecting a hardware issue, because I simply cannot apply that acl.

And it's a simple 1 line ACL

console#show version

System Description................ Dell Ethernet Switch

System Up Time.................... 0 days, 06h:19m:57s

System Contact....................

System Name.......................

System Location...................

Burned In MAC Address............. D067.E5D0.8A2E

System Object ID.................. 1.3.6.1.4.1.674.10895.3015

System Model ID................... PCM6220

Machine Type...................... PowerConnect M6220

unit image1      image2      current-active next-active

---- ----------- ----------- -------------- --------------

1    5.1.9.4          image1         image1

console#

View More

View All

No Events found!

Top