H3C S5500-28C-EI v5.20, R2202, ACL not working

We have 2 x S5500-28C-EI v5.20, R2202, IRFed as one switch.

 

Our ACL task is that only 150.21/22 can access 192.168.10.49 for tcp 1433, and the 150 range cannot access other 192.168.10.0/24 resources. The current configs are as follows. After these configs, we can still access 192.168.10.0/24 from 192.168.150.0/24. What's wrong with the configs regarding ACL?

 

Also, I checked the manual: there is a "packet-filter" command to apply an ACL under an interface (it looks like it is the right command for applying an ACL), but I cannot see this "packet-filter" under system-view level under interface. Do I need to upgrade the IOS (firmware)?

 

Any advice is much appreciated. Thanks.

 

--------------------------------------------------

acl number 3050
 rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
 rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 100 permit ip

 

traffic classifier FirewallV150 operator and
 if-match acl 3050

 

traffic behavior hehavior_FirewallV150
 filter permit

 

qos policy policy_FirewallV150
 classifier FirewallV150 behavior hehavior_FirewallV150

 

interface GigabitEthernet1/0/21
 port access vlan 150
 qos apply policy policy_FirewallV150 inbound
----------------------------------------------------------------------------------------
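
An added example, not part of the original post and not vendor code: a small Python evaluator that runs the rules of ACL 3050 above over constructed packets. It assumes rules are checked in ascending rule-ID order with the first match deciding, and that wildcard bits set to 1 are ignored; it models only the ACL's own logic, not how the switch's QoS policy treats it.

```python
import ipaddress

# Rules copied from "acl number 3050" in the post above.
ACL_3050 = """\
rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 100 permit ip
"""

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse one 'rule N permit|deny proto ...' line (only the keywords used above)."""
    t = line.split()
    rule = {"id": int(t[1]), "action": t[2], "proto": t[3]}
    i = 4
    while i < len(t):
        if t[i] in ("source", "destination"):
            # A wildcard of "0" is shorthand for 0.0.0.0 (single host).
            rule[t[i]] = (_ip(t[i + 1]), _ip("0.0.0.0" if t[i + 2] == "0" else t[i + 2]))
        elif t[i] in ("source-port", "destination-port") and t[i + 1] == "eq":
            rule[t[i]] = int(t[i + 2])
        else:
            raise ValueError(f"unsupported keyword: {t[i]}")
        i += 3
    return rule

def _addr_ok(spec, ip):
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return spec is None or ((_ip(ip) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return (rule id, action) of the first matching rule in ascending rule-ID order."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (r["proto"] in ("ip", proto)
                and _addr_ok(r.get("source"), src)
                and _addr_ok(r.get("destination"), dst)
                and r.get("source-port", sport) == sport
                and r.get("destination-port", dport) == dport):
            return r["id"], r["action"]
    return None, "no-match"

RULES = [parse_rule(line) for line in ACL_3050.splitlines()]

if __name__ == "__main__":
    # Constructed packet: non-exempt host, TCP source port 3389, to the SQL server.
    print(evaluate(RULES, "tcp", "192.168.150.30", "192.168.10.49", 3389, 1433))
```

Under these assumptions, rule 15 matches any TCP packet from 192.168.150.0/24 with source port 3389 before rule 20 is reached, including packets destined for 192.168.10.0/24.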
