Unsolved
November 20th, 2013 11:00
Powerconnect 7024 ACL Help!
Hello All,
I am trying to configure an access control list that will block UDP port 20000 and 19999 (for some lab testing) on interface 1/0/7. When I implement the rule, it blocks ALL the traffic from and to 172.16.37.56. Is this a bug? Or, am I implementing the rules wrong?
Here is what I did:
DellLab1 (config)#access-list TEST deny udp 172.16.37.56 255.255.255.240 eq 20000 172.16.37.36 255.255.255.240 eq 19999
DellLab1 (config)#access-list TEST permit ip 172.16.37.36 255.255.255.240 any
DellLab1 (config)#interface Gigabitethernet 1/0/7
DellLab1 (config-if-Gi1/0/7)#ip access-group TEST
DellLab1#show ip access-lists
Current number of ACLs: 1 Maximum number of ACLs: 100
ACL Name                        Rules Interface(s)              Direction
------------------------------- ----- ------------------------- ---------
TEST                            3     Gi1/0/7                   Inbound
I would appreciate any hints on how to set this up!
Thank You,
M-----------


DELL-Josh Cr
Moderator
November 20th, 2013 12:00
Hi, what version is the firmware at? If you run show ip access-lists what is the output? There is an implicit deny rule at the end of the ACL so your permit rule allows ip traffic from 172.16.37.36 255.255.255.240 and everything else will be denied. Page 532 ftp://ftp.dell.com/Manuals/Common/powerconnect-7024_User%27s%20Guide_en-us.pdf
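The implicit deny described in the reply above, as an added example (not from the thread or from Dell's firmware): a first-match model in Python of the TEST ACL as posted. It assumes the masks act as subnet-style masks, which the thread does not confirm; the sample packets and the final catch-all permit are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol
    src: Optional[str] = None    # "addr/mask"; None means any
    sport: Optional[int] = None  # None means any port
    dst: Optional[str] = None
    dport: Optional[int] = None

def _in(net, addr):
    # strict=False lets a host address plus mask stand for its enclosing subnet
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching rule wins; a packet matching no rule hits the implicit deny."""
    for i, r in enumerate(acl, 1):
        if (r.proto in ("ip", proto) and _in(r.src, src) and _in(r.dst, dst)
                and r.sport in (None, sport) and r.dport in (None, dport)):
            return r.action, f"rule {i}"
    return "deny", "implicit deny"

M = "255.255.255.240"
# The two rules from the original post (mask semantics are an assumption).
TEST = [
    Rule("deny", "udp", f"172.16.37.56/{M}", 20000, f"172.16.37.36/{M}", 19999),
    Rule("permit", "ip", f"172.16.37.36/{M}"),
]
# Hypothetical variant: the same rules followed by a catch-all permit.
TEST_WITH_CATCH_ALL = TEST + [Rule("permit", "ip")]

# Constructed sample packets: (proto, src, sport, dst, dport)
PACKETS = [
    ("udp", "172.16.37.56", 20000, "172.16.37.36", 19999),  # the flow to block
    ("tcp", "172.16.37.56", 51000, "172.16.37.36", 22),     # other traffic from .56
    ("tcp", "172.16.37.36", 51000, "172.16.37.56", 22),     # traffic from .36
]

if __name__ == "__main__":
    for name, acl in (("TEST", TEST), ("TEST + catch-all", TEST_WITH_CATCH_ALL)):
        for pkt in PACKETS:
            print(name, pkt, "->", evaluate(acl, *pkt))
```

Under these assumptions, non-UDP traffic from 172.16.37.56 matches neither posted rule and falls through to the implicit deny, while the catch-all variant denies only the targeted UDP flow.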
dualsweat
November 20th, 2013 13:00
Hi Josh,
Thank you for the assistance. I had noted the commands on page 532. I am running all my commands via the CLI. The version is 4.0.0.6.
Since my original post I have tried several different rules with similar results. Currently I have removed all ACL rules.
What command(s) should I use to explicitly deny udp port 20000 inbound to interface 1/0/7 and allow ALL OTHER traffic?
You can see my original commands in my original post (above).
DellLab1#show version
Image Descriptions
image1 : default image
image2 :
Images currently available on Flash
unit  image1       image2       current-active    next-active
----- ------------ ------------ ----------------- -----------------
1     4.0.0.6      4.0.0.6      image1            image1
DellLab1#
Thank You!
Matt--------
DELL-Josh Cr
Moderator
November 20th, 2013 14:00
That firmware version is a few revisions out of date and updating it may be helpful as it included some fixes for ACL rules. http://www.dell.com/support/drivers/us/en/555/DriverDetails/Product/powerconnect-7048?driverId=4RMHR&osCode=NAA&fileId=3295050980&languageCode=en&categoryId=NI
Try adding a rule after the ones that you were trying to add for
DellLab1 (config)#access-list TEST permit udp 172.16.37.36 255.255.255.240 any