https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45408#M3292 <P>Hello,&nbsp; I believe this to be a CLI command line bug.</P><P>I have done this before successfully but can't remember how you do this&nbsp;</P><P>Config:</P><P>ip access-list extended 100<BR />remark Block_CapWap<BR />sequence 10 deny udp any any eq 5246<BR />sequence 20 deny udp any any eq 5247<BR />sequence 30 permit ip any any<BR />!</P><P>BUT!&nbsp;</P><P>When I try and add it to the Inf it doesn't add it but drops me into building the ACL</P><P>See:</P><P>(config)#interface ethernet 2/1/3</P><P>config-if-e1000-2/1/3)#ip access-list extended Block_CapWap<BR />SW(config-ext-nacl)#</P><P>****Here you can see it applied to a working interface.***</P><P>ip access-list extended 100<BR />remark Block_CapWap<BR />sequence 10 deny udp any any eq 5246<BR />sequence 20 deny udp any any eq 5247<BR />sequence 30 permit ip any any</P><P>Show Int e 1/1/23</P><P>interface ethernet 1/1/23<BR />port-name WiFi CGP_Ticket_EX~<BR />loop-detection<BR />dual-mode 750<BR />ip access-group Block_CapWap in<BR />spanning-tree 802-1w admin-edge-port<BR />inline power power-by-class 4<BR />stp-bpdu-guard<BR />trust dscp<BR />sflow forwarding<BR />sflow sample 4096<BR />snmp-server enable traps mac-notification</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thx</P><P>JM</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Jun 2022 18:31:10 GMT JayWM 2022-06-29T18:31:10Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45408#M3292 <P>Hello,&nbsp; I believe this to be a CLI command line bug.</P><P>I have done this before successfully but can't remember how you do this&nbsp;</P><P>Config:</P><P>ip access-list extended 100<BR />remark Block_CapWap<BR />sequence 10 deny udp any any eq 5246<BR />sequence 20 deny udp any any eq 5247<BR />sequence 30 permit ip any any<BR />!</P><P>BUT!&nbsp;</P><P>When I try and add it to the Inf it doesn't add it but drops me into building the ACL</P><P>See:</P><P>(config)#interface ethernet 2/1/3</P><P>config-if-e1000-2/1/3)#ip access-list extended Block_CapWap<BR />SW(config-ext-nacl)#</P><P>****Here you can see it applied to a working interface.***</P><P>ip access-list extended 100<BR />remark Block_CapWap<BR />sequence 10 deny udp any any eq 5246<BR />sequence 20 deny udp any any eq 5247<BR />sequence 30 permit ip any any</P><P>Show Int e 1/1/23</P><P>interface ethernet 1/1/23<BR />port-name WiFi CGP_Ticket_EX~<BR />loop-detection<BR />dual-mode 750<BR />ip access-group Block_CapWap in<BR />spanning-tree 802-1w admin-edge-port<BR />inline power power-by-class 4<BR />stp-bpdu-guard<BR />trust dscp<BR />sflow forwarding<BR />sflow sample 4096<BR />snmp-server enable traps mac-notification</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thx</P><P>JM</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 29 Jun 2022 18:31:10 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45408#M3292 JayWM 2022-06-29T18:31:10Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45410#M3293 <P>Hmm now I haven't used ACL on a Ruckus switch, but what strikes me is that when you see the, then it is a access group that have been applied on the interface, so maybe it is like Cisco, where you create an access list, but apply it as an access group ?</P> Wed, 29 Jun 2022 20:06:06 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45410#M3293 Xfeldt 2022-06-29T20:06:06Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45429#M3294 <P>Yep, that’s the answer. You can see it in the config. If in doubt, try using Cisco commands - most vendors ape them.&nbsp;</P> Thu, 30 Jun 2022 16:14:21 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45429#M3294 Squozen 2022-06-30T16:14:21Z https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45522#M3311 <P>Hey all,&nbsp;</P> <P>We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="BenBeck_0-1657299631465.png" style="width: 723px;"><img src="https://community.ruckuswireless.com/t5/image/serverpage/image-id/2840i0DA4157F94C2CA61/image-dimensions/723x317?v=v2" width="723" height="317" role="button" title="BenBeck_0-1657299631465.png" alt="BenBeck_0-1657299631465.png" /></span></P> <P>Some additional references:</P> <P><A href="https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-1B76BE6F-8F28-43DB-A59E-2A36DA553539.html" target="_blank">https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-1B76BE6F-8F28-43DB-A59E-2A36DA553539.html</A></P> <P><A href="https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-6BD70996-ADEB-4B59-A701-F52072F2C90C.html" target="_blank">https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-6BD70996-ADEB-4B59-A701-F52072F2C90C.html</A></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 08 Jul 2022 17:03:34 GMT https://community.ruckuswireless.com/t5/ICX-Switches/ACL-Adding-a-access-group-to-a-interface-not-selectable/m-p/45522#M3311 BenBeck 2022-07-08T17:03:34Z