- H3C S5500-28C-EI v5.20, R2202, ACL not working
03-01-2012 04:43 PM - edited 03-01-2012 04:44 PM
We have 2 x S5500-28C-EI v5.20, R2202, IRFed as one switch.
Our ACL task is that only 150.21/22 can access 192.168.10.49 on TCP 1433, and the 150 range cannot access other 192.168.10.0/24 resources. The current configs are as follows. After these configs, we can still access 192.168.10.0/24 from 192.168.150.0/24. What's wrong with the configs regarding the ACL?
Also, I checked the manual: there is a "packet-filter" command to apply an ACL under an interface (it looks like the right command for applying an ACL), but I cannot see this "packet-filter" at the system-view level under the interface. Do I need to upgrade the IOS (firmware)?
Any advice is much appreciated. Thanks.
--------------------------------------------------
acl number 3050
 rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
 rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 100 permit ip
traffic classifier FirewallV150 operator and
 if-match acl 3050
traffic behavior hehavior_FirewallV150
 filter permit
qos policy policy_FirewallV150
 classifier FirewallV150 behavior hehavior_FirewallV150
interface GigabitEthernet1/0/21
 port access vlan 150
 qos apply policy policy_FirewallV150 inbound
----------------------------------------------------------------------------------------
03-02-2012 09:34 AM
Solution
First of all, I suggest you upgrade your software:
https://h10145.www1.hp.com/downloads/SoftwareReleases.aspx?ProductNumber=JD375A
Looking at your example, this one should work:
interface GigabitEthernet1/0/21
 packet-filter 3050 inbound
 packet-filter 3050 outbound
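How ACL 3050 from the question evaluates once it is applied as a plain packet filter, as the answer suggests. This is an added example, not part of the original thread; it assumes first-match evaluation in ascending rule-ID order (Comware's default `config` match order), parses only the keywords that appear in the posted rules, and uses constructed flows.

```python
import ipaddress
import re

# ACL 3050 rules exactly as posted in the question above.
ACL_3050 = """\
rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 100 permit ip
"""

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<action>permit|deny) (?P<proto>\w+)"
    r"(?: source (?P<src>\S+) (?P<swc>\S+))?"
    r"(?: source-port eq (?P<sport>\d+))?"
    r"(?: destination (?P<dst>\S+) (?P<dwc>\S+))?"
    r"(?: destination-port eq (?P<dport>\d+))?"
)

def ip_match(addr, base, wildcard):
    """Wildcard match: bits set in the wildcard are ignored; '0' means one host."""
    if base is None:  # rule has no source/destination clause
        return True
    care = ~int(ipaddress.IPv4Address("0.0.0.0" if wildcard == "0" else wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse(text):
    """Return rules sorted by ascending rule ID (assumed match order: config)."""
    rules = [RULE_RE.fullmatch(line.strip()).groupdict() for line in text.splitlines() if line.strip()]
    return sorted(rules, key=lambda r: int(r["id"]))

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return (rule_id, action) of the first matching rule, or (None, None)."""
    for r in rules:
        if (r["proto"] in ("ip", proto)
                and ip_match(src, r["src"], r["swc"])
                and ip_match(dst, r["dst"], r["dwc"])
                and (r["sport"] is None or int(r["sport"]) == sport)
                and (r["dport"] is None or int(r["dport"]) == dport)):
            return int(r["id"]), r["action"]
    return None, None

RULES = parse(ACL_3050)
if __name__ == "__main__":
    # Constructed flows: (proto, src, dst, sport, dport)
    for flow in [("tcp", "192.168.150.30", "192.168.10.49", 50000, 1433),
                 ("tcp", "192.168.150.30", "192.168.10.5", 3389, 40000)]:
        print(flow, "->", evaluate(RULES, *flow))
```

Rule 15 carries no destination and is evaluated before rule 20, so a TCP packet from any 192.168.150.0/24 host with source port 3389 is permitted towards 192.168.10.0/24. Restricting rule 15 to the intended destination keeps it from overriding the deny rules.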
03-05-2012 08:48 PM
Re: H3C S5500-28C-EI v5.20, R2202, ACL not working
Thanks Michael, much appreciated