[e-nsp] TCP access list / EW 7.6

Marcin Kuczera marcin at leon.pl
Fri Aug 24 06:06:38 EDT 2007


Hello,

I have a problem creating an access list that would drop unwanted TCP
traffic.

I have an access list like this:
* Alpine3808:31 # show access-list
  Rule          Dest/mask:L4DP          Src/mask:L4SP         Flags  Hits
port_137 0.0.0.0        /0 :137   0.0.0.0        /0 :0     T-D-X 0
Flags: I=IP, T=TCP, U=UDP, E=Established, M=ICMP, G=IGMP
       P=Permit Rule, D=Deny Rule
       N=Port Specific Rule, X=Any Port

But if I try to telnet to port 137, it is not noted in "Hits" and it
is not dropped.
As far as I can see, only pure IP ACLs work, but TCP and UDP do not.

The switch has a Full L3 license; EW is
Primary EW Ver:   7.6.4.4 [ssh] [wlan]

No L3 routing is done on the switch, just L2 VLANs.

Is there any way to make TCP ACLs work on this device?

Regards,
Marcin