Switching and Routing

5412zl Core switch invalid input (access-group)

 
noadaz
Occasional Advisor

5412zl Core switch invalid input (access-group)

Hi All,

I've created an acl using the following command: (example)

ip access-list extended "wol-acl"
10 permit ip 10.10.160.26 0.0.0.0 0.0.0.0 255.255.255.255
20 permit ip 10.10.160.60 0.0.0.0 0.0.0.0 255.255.255.255
exit

But when running this command ip directed-broadcast access-group "wol-acl" it throws invalid input: access-group. Not sure why, I do have VLANS if this is the cause?

12 REPLIES 12
Rajendra_Jena
HPE Pro

Re: 5412zl Core switch invalid input (access-group)

Hi @noadaz 

Can you try below?


HP-Switch-5406zl#conf t

HP-Switch-5406zl(config)#ip directed-broadcast access-group wol-acl

If still not working then provide output of below command.

show access-list
show run | i  wol-acl

Best Regards,
I am an HPE Employee

Accept or Kudo

noadaz
Occasional Advisor

Re: 5412zl Core switch invalid input (access-group)

Hi @Rajendra_Jena 

 

NOA-Core-5412-01(config)# ip directed-broadcast access-group wol-acl
Invalid input: access-group
NOA-Core-5412-01(config)# show access-list

Access Control Lists

Type Appl Name
---- ---- ----------------------------------------------------------------
std no Access-To-CCTV-VLAN
ext no wol-acl

NOA-Core-5412-01(config)# show run|i wol-acl
ip access-list extended "wol-acl"

Rajendra_Jena
HPE Pro

Re: 5412zl Core switch invalid input (access-group)

@noadaz 

Provide me output of below command

 

NOA-Core-5412-01(config)# ip directed-broadcast ?

NOA-Core-5412-01(config)# ip directed-broadcast  access-group ?

NOA-Core-5412-01# show system
NOA-Core-5412-01# show modules

Best Regards,
I am an HPE Employee

Accept or Kudo

akg7
HPE Pro

Re: 5412zl Core switch invalid input (access-group)

Hello @noadaz ,

I tried the similar commands into LAB? and these commands are working fine.

Can you confirm if 'IP routing' is configured in the switch?

Also share chassis product/SKU number 'JXXXXX' of the switch by using 'show modules'

There is a limitation that 'ip directed-broadcast' is not supported on all platform.

 

 

HP-Switch-5406zl# show access-list

 Access Control Lists

  deny-fragmented-tcp-header          : Disabled
  deny-non-classifiable-layer4-header : Disabled

  Type  Appl  Name
  ----  ----  ----------------------------------------------------------------

HP-Switch-5406zl# config t
HP-Switch-5406zl(config)# ip access-list extended "wol-acl"
HP-Switch-5406zl(config-ext-nacl)# 10 permit ip 10.10.160.26 0.0.0.0 0.0.0.0 255.255.255.255
HP-Switch-5406zl(config-ext-nacl)# 20 permit ip 10.10.160.60 0.0.0.0 0.0.0.0 255.255.255.255
HP-Switch-5406zl(config-ext-nacl)# exit
HP-Switch-5406zl(config)#  ip directed-broadcast access-group "wol-acl"
HP-Switch-5406zl(config)# show access-list
 Access Control Lists

  deny-fragmented-tcp-header          : Disabled
  deny-non-classifiable-layer4-header : Disabled

  Type  Appl  Name
  ----  ----  ----------------------------------------------------------------
  ext   yes   wol-acl

 

 

 

For you reference sharing supported platform list:

Support.JPG

 Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
Ivan_B
HPE Pro

Re: 5412zl Core switch invalid input (access-group)

Hi @noadaz !

As @akg7  already suggested, you need to have 'ip routing' enabled on the switch. I've seen these errors before and they happen when it's not turned on.

Verify it by 'show run | i routing'. If you don't see 'ip routing' in the output, just execute following commands:

 

 

configure
 ip routing

 

 

and try  'ip directed-broadcast access-group "wol-acl"' once again.

 

I am an HPE employee

Accept or Kudo

noadaz
Occasional Advisor

Re: 5412zl Core switch invalid input (access-group)

Hi @akg7 and @Ivan_B 

Ip routing is enabled and the switch is in the list of those supported as its the 5412 zl J8698A

NOA-Core-5412-01(config)# show run|i routing
ip routing

So not sure what is going on.

noadaz
Occasional Advisor

Re: 5412zl Core switch invalid input (access-group)

Hi @Rajendra_Jena 

Maybe I'm a newbie here but I cannot get a question mark to appear?

akg7
HPE Pro

Re: 5412zl Core switch invalid input (access-group)

Hello @noadaz ,

Can you share the running software version and product number 'JXXXX' of the chassis?

'show version'

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the companyAccept or Kudo
noadaz
Occasional Advisor

Re: 5412zl Core switch invalid input (access-group)

Hi @akg7 

Chassis number shared above and ...

NOA-Core-5412-01# show version
Image stamp:
/ws/swbuildm/maint_spokane_qaoff/code/build/btm(swbuildm_maint_spokane_qaoff_ma
int_spokane)
Jun 30 2021 22:36:22
K.16.02.0033
685
Boot Image: Primary

Boot ROM Version: K.15.30