SRW2024 - IP and MAC based ACL

jarmo.harju
Level 1

Hi!

I'm trying to set up MAC and IP based ACLs on our switches with no success.

Port 22 is our WAN port.

I'm trying to stop IP 192.168.0.53 from reaching the internet,

but I need to let all other traffic pass.

I have an IP rule with Deny 192.168.0.53, wildcard mask 0.0.0.0,

and the ACL bound to port g22.

The problem is that it stops all traffic.

What am I missing? I'm trying to do this with a MAC ACL too, with the same results.

/J

4 Replies

David Carr
Level 6

Do an allow any any after that rule and it will work.


What is happening is that you have half of the rule in place with just the deny, and it is blocking everything.  The allow will allow the rest of your traffic out.

Correct. ACL rules have an implicit "deny all". So if you want to allow other traffic, it needs to be terminated with "permit any any".

Hi!

OK, I placed a new rule after the block rule.

permit any  ip 192.168.0.0  Wild card mask 255.255.255.255

Now it lets all traffic pass, including the one I blocked in the first rule!

I'm still missing something!

/J

It needs to be the following and in the correct order - rules are processed from the top to the bottom of the list:

deny ip 192.168.0.53 0.0.0.0

permit ip any any

If you're still having issues, suggest you call the support center and they will help you.
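
The first-match and implicit-deny behaviour described in this thread, as an added example that is not part of any poster's reply and is not the switch's own code. It is a simplified model that matches on source address only, using the Cisco wildcard-mask convention (1 bits are "don't care"); the function names and the three rule lists are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def matches(src, rule_addr, wildcard):
    # Wildcard bits set to 1 are ignored; bits set to 0 must match exactly.
    care_bits = ~ip(wildcard) & 0xFFFFFFFF
    return ((ip(src) ^ ip(rule_addr)) & care_bits) == 0

def evaluate(acl, src):
    """Top-down, first matching rule wins; no match hits the implicit deny."""
    for n, (action, addr, wildcard) in enumerate(acl, 1):
        if matches(src, addr, wildcard):
            return action, f"rule {n}"
    return "deny", "implicit deny"

# "any" expressed as an address with an all-ones wildcard mask.
ANY = ("0.0.0.0", "255.255.255.255")
BLOCK_53 = ("deny", "192.168.0.53", "0.0.0.0")

# Constructed rule lists mirroring the cases discussed in the thread.
DENY_ONLY = [BLOCK_53]                          # original config
DENY_THEN_PERMIT = [BLOCK_53, ("permit", *ANY)]  # order given in the last reply
PERMIT_THEN_DENY = [("permit", *ANY), BLOCK_53]  # same rules, wrong order

def report(acl, hosts):
    return {h: evaluate(acl, h) for h in hosts}

if __name__ == "__main__":
    hosts = ["192.168.0.53", "192.168.0.10"]
    cases = [
        ("deny only", DENY_ONLY),
        ("deny, then permit any", DENY_THEN_PERMIT),
        ("permit any, then deny", PERMIT_THEN_DENY),
    ]
    for name, acl in cases:
        print(name)
        for host, (action, why) in report(acl, hosts).items():
            print(f"  {host:<14} {action:<6} ({why})")
```

With only the deny rule, every other host falls through to the implicit deny; with the permit placed first, the deny for 192.168.0.53 is never reached.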