Peter __
Beginner

New firmware change for DAI and ACL not blocking

I still can't work out how to report stuff to Cisco so I'm just going to post here.

 

SG350-10 10-Port

 

In 2.5.7.85 ACL is done first, then DAI; in 2.5.8.12 DAI is done first, then ACL.

 

Traffic can now leak under DHCP ports in 2.5.8.12

 

Part of the ACL rule:

Priority  Action  Logging   Protocol  Source IP Address  Destination IP Address   Source Port  Destination Port
5353      Permit  Disabled  UDP       Any Any            255.255.255.255 0.0.0.0  68           67
7000      Deny    Disabled  UDP       Any Any            Any Any                  68           67

 

bind to port GE1 Input ACL with DAI

IP Source Guard GE1

DHCP Snooping Trusted Interface GE2

 

In 2.5.7.85 DHCP would be allowed if it's broadcast, and renews on a broadcast just fine, and it blocks unicast traffic. With 2.5.8.12 the Priority rule 7000 no longer blocks unicast traffic with DAI on.
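
The two ACEs posted above, evaluated against constructed DHCP packets, give the verdicts the poster describes for 2.5.7.85 and can serve as a baseline when comparing behaviour across firmware versions. This is an added Python example, not part of the original thread and not Cisco code; it assumes lowest-priority-number-first matching and wildcard-mask semantics (set bits are ignored), and the packet addresses are made up.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Ace:
    priority: int
    action: str                 # "permit" or "deny"
    protocol: str
    dst_ip: Optional[str]       # None models "Any"
    dst_wildcard: str           # wildcard mask: set bits are "don't care"
    src_port: int
    dst_port: int

# The two ACEs from the post (source IP is Any in both, so it is not modelled).
ACES = [
    Ace(5353, "permit", "udp", "255.255.255.255", "0.0.0.0", 68, 67),
    Ace(7000, "deny", "udp", None, "0.0.0.0", 68, 67),
]

def _ip(addr):
    return int(ipaddress.IPv4Address(addr))

def dst_matches(ace, dst):
    if ace.dst_ip is None:
        return True
    care = ~_ip(ace.dst_wildcard) & 0xFFFFFFFF
    return (_ip(dst) & care) == (_ip(ace.dst_ip) & care)

def evaluate(aces, pkt):
    """First match wins, lowest priority number first (assumed ordering).
    Returns (action, priority), or None when no ACE in this excerpt matches."""
    for ace in sorted(aces, key=lambda a: a.priority):
        if (pkt["proto"] == ace.protocol and pkt["sport"] == ace.src_port
                and pkt["dport"] == ace.dst_port and dst_matches(ace, pkt["dst"])):
            return ace.action, ace.priority
    return None

# Constructed sample packets (addresses are made up for illustration).
PACKETS = {
    "broadcast DISCOVER": {"proto": "udp", "dst": "255.255.255.255", "sport": 68, "dport": 67},
    "unicast renew": {"proto": "udp", "dst": "192.168.1.1", "sport": 68, "dport": 67},
    "unrelated DNS": {"proto": "udp", "dst": "192.168.1.1", "sport": 40000, "dport": 53},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:20} -> {evaluate(ACES, pkt)}")
```

A unicast packet from port 68 to port 67 that still gets through on GE1 is one that rule 7000 should have dropped under this ordering.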

marce1000
VIP Advisor

 

                 >...I still can't work out how to report stuff to Cisco so I'm just going to post here.

   - FYI: https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M.


@marce1000 wrote:

 

                 >...I still can't work out how to report stuff to Cisco so I'm just going to post here.

   - FYI: https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 M.


It's grayed out to open a case.

cisco case.png

 

 - I can't see that on that page; did you log in (too) and/or then try:

                   https://mycase.cloudapps.cisco.com/start?referring_site=smbcontacts

 M.


@marce1000 wrote:

 

 - I can't see that on that page; did you log in (too) and/or then try:

                   https://mycase.cloudapps.cisco.com/start?referring_site=smbcontacts

 M.


Yes, logged in, and that link sends me back to

https://mycase.cloudapps.cisco.com/case 

 

maybe I need to make a new login?

 

 

   - Not sure, may depend on owning active service contracts.

 M.

Peter __
Beginner

Can someone else make cases for me? The Cisco site will not let me; it's broken.

 

 

One thing I forgot to mention: you may try one of the phone numbers
according to your region. Then mention your problem and/or query your
eligible service status. M.
Peter __
Beginner

It seems that in order to post a case to Cisco you have to be part of a business, which I'm not, so anyone reading my bug finds, by all means open a case for them.

 

The ACL above was put on the IP Source Guard port for Input ACL, but if you put that ACL on the DHCP Snooping port for Output ACL then it drops Priority rule 7000 unicast traffic.