Block all but TCP by ACL on Extreme switch Summit300-48

Andrzej_Kenig
New Contributor
I'm trying to understand the access list mechanism on an Extreme Summit300-48 switch. I want to deny anything but TCP on a specific port, so I set these commands:

code:
create access-mask port_mask ports precedence 25000
create access-list denyall port_mask ports 1:43 deny
create access-mask ipproto_mask ip-protocol ports precedence 15000
create access-list allowTCP ipproto_mask ip-protocol TCP ports 1:43 permit
And it doesn't work. It looks like all incoming traffic on port 1:43 is blocked. ACLs generally work on this switch. For example, I could block all TCP and open it only for a specific IP. What am I doing wrong? Please help me.

4 REPLIES 4

Andrzej_Kenig
New Contributor
It works! Right after adding your rules, Henrique, it works like it should. In fact, without ARP allowed, it was working for a few seconds until the host forgot its local ARP table. Now it works with no problems.

Thank you very much!

Hi Andrzej, glad to hear that worked!

Thanks for the feedback.

Henrique
Extreme Employee
Hello Andrzej, I agree with Frank. When using a "denyall" rule you might be blocking ARP packets as well.

I would suggest you add the following rules and test again:

create access-mask allowarpmask ethertype ports precedence 1000
create access-list allowarp access-mask allowarpmask ethertype 0x0806 ports 1:43 permit

Frank
Contributor II
I really don't know exactly how those access-lists/masks work, but shouldn't you also allow ARP on that port?
I've accidentally blocked ARP before, and the results weren't pretty 😉
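
The failure discussed in this thread, as an added Python model that is not part of any post and is not ExtremeWare code: it runs the thread's rules against constructed frames to show why a deny-all with only a TCP permit also drops ARP. Assumptions: the matching rule with the lowest precedence number wins, and a frame that matches no rule is forwarded.

```python
# Simplified model of precedence-ordered ACL matching (added example, not
# ExtremeWare code). Assumption: the matching rule with the LOWEST precedence
# number wins, and a frame matching no rule is forwarded.
ETH_IPV4, ETH_ARP = 0x0800, 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17

# (name, precedence, field examined by the mask, value to match, action)
# field None = the mask looks only at the ingress port, so every frame matches.
ORIGINAL_RULES = [
    ("denyall", 25000, None, None, "deny"),
    ("allowTCP", 15000, "ip_proto", IPPROTO_TCP, "permit"),
]
FIXED_RULES = ORIGINAL_RULES + [
    ("allowarp", 1000, "ethertype", ETH_ARP, "permit"),
]

def decide(rules, frame):
    """Return (action, rule_name) for a frame arriving on the filtered port."""
    for name, _prec, field, value, action in sorted(rules, key=lambda r: r[1]):
        if field is None or frame.get(field) == value:
            return action, name
    return "permit", "default"

# Constructed sample frames, reduced to the header fields the masks inspect.
FRAMES = {
    "arp_request": {"ethertype": ETH_ARP},
    "tcp_segment": {"ethertype": ETH_IPV4, "ip_proto": IPPROTO_TCP},
    "udp_datagram": {"ethertype": ETH_IPV4, "ip_proto": IPPROTO_UDP},
    "icmp_echo": {"ethertype": ETH_IPV4, "ip_proto": IPPROTO_ICMP},
}

def evaluate(rules):
    """Map each sample frame label to the (action, rule_name) it receives."""
    return {label: decide(rules, frame) for label, frame in FRAMES.items()}

if __name__ == "__main__":
    for title, rules in (("original", ORIGINAL_RULES), ("with allowarp", FIXED_RULES)):
        print(title)
        for label, (action, rule) in evaluate(rules).items():
            print(f"  {label:13} {action:6} ({rule})")
```

With the original two rules the TCP segment is permitted but the ARP request falls through to denyall, which is consistent with the report that traffic flowed only until the host lost its ARP entry.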