[e-nsp] TCP access list / EW 7.6
Marcin Kuczera
marcin at leon.pl
Fri Aug 24 06:06:38 EDT 2007
hello,
I have a problem with creation of access list that would drop unwanted tcp
traffic.
I have an access list like that:
* Alpine3808:31 # show access-list
Rule Dest/mask:L4DP Src/mask:L4SP Flags Hits
port_137 0.0.0.0 /0 :137 0.0.0.0 /0 :0 T-D-X 0
Flags: I=IP, T=TCP, U=UDP, E=Established, M=ICMP, G=IGMP
P=Permit Rule, D=Deny Rule
N=Port Specific Rule, X=Any Port
but, if I try to do a telnet to port 137 it is not notified in "Hits" and it
is not dropped.
As I could see, only pure IP acl works, but TCP and UDP no.
Switch has a Full L3 license, EW is
Primary EW Ver: 7.6.4.4 [ssh] [wlan]
No L3 routing is done on the switch, just L2 vlans.
Is there any way to make TCP acls to work on this device ?
Regards,
Marcin
More information about the extreme-nsp
mailing list