
acl issue Protocol needs to be set to TCP or UDP, before setting "destination-port".


Keith9
Contributor III

I’m getting this error on an exos switch when trying to refresh a policy

Line 29 : Protocol needs to be set to TCP or UDP, before setting "destination-port".

 

Here’s an example of what I added.

entry acl1_deny36 { if { protocol tcp; source-address 0.0.0.0/0; destination-address 10.80.2.16/32; destination-port 80;} then { count acl1_http_deny; deny;}}

 

 

Here is an example of some lines that work:

entry acl1_deny28 { if { protocol udp; source-address 0.0.0.0/0; destination-address 10.80.2.28/32; destination-port snmp;} then { count acl1_snmp_deny; deny;}}

entry acl1_denyr1 { if { protocol tcp; source-address 0.0.0.0/0; destination-address 10.80.4.0/24; destination-port 873;} then { count acl1_rsync_deny; deny;}}
 

Can anyone tell me why I can’t deny port 80 the same way I deny port 873 or snmp?

6 REPLIES 6

Keith9
Contributor III

Yes, I just took an excerpt. I didn’t want to do the whole config.

 

But look at what does work vs the one that doesn't.  The syntax is literally identical.

protocol <tcp or udp>;source-address; destination-address; destination-port; then the action.

OscarK
Extreme Employee

It reports an error on line 29; is the line you show line 29?
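
An added example, not code from any poster in this thread or from Extreme: a small Python check that maps a reported line number back to the entry it sits in and flags every `destination-port` that is not preceded, inside the same entry, by `protocol tcp` or `protocol udp`. The function names and the sample policy are constructed for illustration; it assumes `#` starts a comment and only recognises the keywords `tcp` and `udp`.

```python
import re

# Constructed sample policy (not the poster's real file). Entry 1 copies the
# syntax shown in the thread; entries 2 and 3 break the rule in two ways.
SAMPLE_POLICY = """\
entry acl1_deny36 { if { protocol tcp; source-address 0.0.0.0/0; destination-address 10.80.2.16/32; destination-port 80;} then { count acl1_http_deny; deny;}}
entry acl1_bad { if { source-address 0.0.0.0/0; destination-port 80;} then { deny;}}
entry acl1_late {
  if {
    destination-port 873;
    protocol tcp;
  } then { deny; }
}
"""

ENTRY_RE = re.compile(r"^\s*entry\s+(\S+)")
STMT_RE = re.compile(r"\b(protocol|destination-port)\s+([^;]+);")

def _lines(text):
    """Yield (line_no, entry_name, starts_entry, code) for each line."""
    entry = None
    for no, raw in enumerate(text.splitlines(), start=1):
        code = raw.split("#", 1)[0]  # assumption: '#' begins a comment
        m = ENTRY_RE.match(code)
        if m:
            entry = m.group(1)
        yield no, entry, bool(m), code

def entry_at_line(text, line_no):
    """Name of the entry that contains the line number from the error."""
    for no, entry, _, _ in _lines(text):
        if no == line_no:
            return entry
    return None

def lint_policy(text):
    """Return (line_no, entry, port) where destination-port lacks a prior tcp/udp."""
    findings, l4_seen = [], False
    for no, entry, starts, code in _lines(text):
        if starts:
            l4_seen = False  # each entry must set its own protocol
        for keyword, value in STMT_RE.findall(code):
            if keyword == "protocol":
                l4_seen = value.strip().lower() in ("tcp", "udp")
            elif not l4_seen:
                findings.append((no, entry, value.strip()))
    return findings

if __name__ == "__main__":
    for no, entry, port in lint_policy(SAMPLE_POLICY):
        print(f"line {no}: entry {entry}: destination-port {port} before protocol tcp/udp")
```

Running `entry_at_line` with the line number from the refresh error shows which entry the switch is complaining about, which may not be the one most recently added.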
