4200g ACLs Not Working

 
Network Manager
Occasional Contributor

We are having issues with ACLs not working on a 4200g. Current setup is as follows:


Working Setup


4200g trunked to a 5500ei for two VLANs. Basic ACL denying default vlan network, but allowing specific hosts access to the vlans. ACLs applied to the 5500 work properly.

ACL 2000
rule 0 deny source x.x.x.x 0.0.0.255 (default vlan)
rule 1 permit source x.x.x.x 0 (specific computer on default vlan)

ACL is applied to both VLANs on the 5500 and all works fine.

 

NEW SETUP

The 5500 is only 10/100 and we need 1g connections, so we put another 4200g in place of the 5500. The new 4200g has the latest firmware and is configured exactly the same way as the 5500, trunking etc. However, the ACLs are not working properly. We can deny traffic, however, the permit does not allow traffic. We have tried many different variations, including Advanced ACLs, but none seem to work.


New 4200g ACL EXAMPLE: (tried applying globally and at the vlan)

------

ACL 2000
rule 0 deny source x.x.x.x 0.0.0.255 (default vlan)

This works as it blocks traffic from the default VLAN
-------


-------
ACL 2000
rule 0 deny source x.x.x.x 0.0.0.255 (default vlan)
rule 1 permit source x.x.x.x 0 (specific computer on default vlan)

This does not work; it denies all traffic. (Works on the 5500)
-------

-------
ACL 2000

rule 0 permit source x.x.x.x 0 (specific computer on default vlan)
rule 1 deny source x.x.x.x 0.0.0.255 (default vlan)

This does not work; it denies all traffic.
-------


Does the 4200g (Comware 3.02) handle ACLs differently than the 5500EI (3.03)? If so, how do we get this to work? Is there a bug in the 4200g?

 

Many thanks in advance for any assistance.