06-29-2022 11:31 AM
Hello, I believe this to be a CLI command line bug.
I have done this before successfully but can't remember how you do this
Config:
ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any
!
BUT!
When I try and add it to the Inf it doesn't add it but drops me into building the ACL
See:
(config)#interface ethernet 2/1/3
config-if-e1000-2/1/3)#ip access-list extended Block_CapWap
SW(config-ext-nacl)#
****Here you can see it applied to a working interface.***
ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any
Show Int e 1/1/23
interface ethernet 1/1/23
port-name WiFi CGP_Ticket_EX~
loop-detection
dual-mode 750
ip access-group Block_CapWap in
spanning-tree 802-1w admin-edge-port
inline power power-by-class 4
stp-bpdu-guard
trust dscp
sflow forwarding
sflow sample 4096
snmp-server enable traps mac-notification
Thx
JM
Solved! Go to Solution.
07-08-2022 10:03 AM
Hey all,
We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:
Some additional references:
06-29-2022 01:06 PM
Hmm now I haven't used ACL on a Ruckus switch, but what strikes me is that when you see the, then it is a access group that have been applied on the interface, so maybe it is like Cisco, where you create an access list, but apply it as an access group ?
06-30-2022 09:14 AM
Yep, that’s the answer. You can see it in the config. If in doubt, try using Cisco commands - most vendors ape them.
07-08-2022 10:03 AM
Hey all,
We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:
Some additional references: