
H3C S5500-28C-EI v5.20, R2202, ACL not working

digitluohp
Visitor


We have 2 x S5500-28C-EI v5.20, R2202, IRFed as one switch.

 

Our ACL task is that only 150.21/22 can access 192.168.10.49 on tcp 1433, and the 150 range cannot access other 192.168.10.0/24 resources. The current config is as follows. After applying this config, we can still access 192.168.10.0/24 from 192.168.150.0/24. What's wrong with the config regarding the ACL?

 

Also, I checked the manual: there is a "packet-filter" command to apply an ACL under an interface (it looks like the right command for applying an ACL), but I cannot see this "packet-filter" under system-view level under interface. Do I need to upgrade the IOS (firmware)?

 

Any advice is much appreciated. Thanks.

 

--------------------------------------------------

acl number 3050
 rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
 rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 100 permit ip

 

traffic classifier FirewallV150 operator and
 if-match acl 3050

 

traffic behavior hehavior_FirewallV150
 filter permit

 

qos policy policy_FirewallV150
 classifier FirewallV150 behavior hehavior_FirewallV150

 

interface GigabitEthernet1/0/21
 port access vlan 150
 qos apply policy policy_FirewallV150 inbound
----------------------------------------------------------------------------------------

2 REPLIES
MichaelM55
Trusted Contributor
Solution

Re: H3C S5500-28C-EI v5.20, R2202, ACL not working

First of all, I suggest you upgrade your software:

 

https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JD375A

 

Looking at your example, this one should work:

 

interface GigabitEthernet1/0/21
 packet-filter 3050 inbound
 packet-filter 3050 outbound

digitluohp
Visitor

Re: H3C S5500-28C-EI v5.20, R2202, ACL not working

Thanks Michael, much appreciated
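
An offline check of ACL 3050 from the question, added here as an example and not code from either poster or from H3C: it parses the posted rules and reports which rule a given flow hits. It assumes first-match evaluation in ascending rule-ID order (the `config` match order), as when the ACL is applied with packet-filter; the function names and sample flows are constructed for illustration.

```python
import ipaddress
import re

# ACL 3050 exactly as posted in the question.
ACL_3050 = """\
rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 100 permit ip
"""
ANY = (0, 0xFFFFFFFF)  # address spec used when a rule names no source/destination

def _ip(text):
    # A bare "0" wildcard is shorthand for 0.0.0.0 (match this host only).
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def parse_rule(line):
    head = re.match(r"rule (\d+) (permit|deny) (\w+)", line.strip())
    rule = {"id": int(head[1]), "action": head[2], "proto": head[3]}
    for side in ("source", "destination"):
        addr = re.search(rf"\b{side} (\S+) (\S+)", line)
        port = re.search(rf"\b{side}-port eq (\d+)", line)
        rule[side] = (_ip(addr[1]), _ip(addr[2])) if addr else ANY
        rule[side + "-port"] = int(port[1]) if port else None
    return rule

def _addr_ok(base, wildcard, addr):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return (rule_id, action) of the first matching rule, lowest ID first."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if r["proto"] not in ("ip", proto):
            continue
        if not (_addr_ok(*r["source"], src) and _addr_ok(*r["destination"], dst)):
            continue
        if r["source-port"] not in (None, sport) or r["destination-port"] not in (None, dport):
            continue
        return r["id"], r["action"]
    return None, "no-match"

RULES = [parse_rule(l) for l in ACL_3050.splitlines() if l.strip()]

if __name__ == "__main__":
    for flow in [("tcp", "192.168.150.21", "192.168.10.49", 50000, 1433),   # constructed
                 ("tcp", "192.168.150.30", "192.168.10.49", 50000, 1433)]:  # constructed
        print(flow, "->", evaluate(RULES, *flow))
```

Under these assumptions 150.21/22 reach 192.168.10.49 on TCP 1433 via rules 0 and 5, and the rest of the 150 range is denied at rule 20. Rule 15 names no destination, so TCP traffic from VLAN 150 with source port 3389 is permitted ahead of rule 20, which is worth confirming as intended.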