marcin at leon
Aug 24, 2007, 2:06 AM
Post #1 of 2
I have a problem with creation of access list that would drop unwanted tcp
I have an access list like that:
* Alpine3808:31 # show access-list
Rule Dest/mask:L4DP Src/mask:L4SP Flags Hits
port_137 0.0.0.0 /0 :137 0.0.0.0 /0 :0 T-D-X 0
Flags: I=IP, T=TCP, U=UDP, E=Established, M=ICMP, G=IGMP
P=Permit Rule, D=Deny Rule
N=Port Specific Rule, X=Any Port
but, if I try to do a telnet to port 137 it is not notified in "Hits" and it
is not dropped.
As I could see, only pure IP acl works, but TCP and UDP no.
Switch has a Full L3 license, EW is
Primary EW Ver: 220.127.116.11 [ssh] [wlan]
No L3 routing is done on the switch, just L2 vlans.
Is there any way to make TCP acls to work on this device ?