06-29-2022 11:31 AM
Hello, I believe this to be a CLI command line bug.
I have done this before successfully but can't remember how you do this.
Config:
ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any
!
BUT!
When I try and add it to the Inf it doesn't add it but drops me into building the ACL.
See:
(config)#interface ethernet 2/1/3
config-if-e1000-2/1/3)#ip access-list extended Block_CapWap
SW(config-ext-nacl)#
****Here you can see it applied to a working interface.***
ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any
Show Int e 1/1/23
interface ethernet 1/1/23
port-name WiFi CGP_Ticket_EX~
loop-detection
dual-mode 750
ip access-group Block_CapWap in
spanning-tree 802-1w admin-edge-port
inline power power-by-class 4
stp-bpdu-guard
trust dscp
sflow forwarding
sflow sample 4096
snmp-server enable traps mac-notification
Thx
JM
07-08-2022 10:03 AM
Hey all,
We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:
Some additional references:
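
An added example, not part of the original thread or of the vendor's documentation: a small Python audit that reads a saved configuration and reports interfaces with no `ip access-group` binding, and bindings that name an ACL not defined in the same text. The sample configuration is constructed from the lines quoted in the thread; the function name `audit_acl_bindings` and the regular expressions are assumptions about the config layout.

```python
import re

# Constructed sample, modelled on the configuration lines quoted in the thread.
SAMPLE_CONFIG = """\
ip access-list extended 100
 remark Block_CapWap
 sequence 10 deny udp any any eq 5246
 sequence 20 deny udp any any eq 5247
 sequence 30 permit ip any any
!
interface ethernet 1/1/23
 ip access-group Block_CapWap in
!
interface ethernet 2/1/3
 dual-mode 750
"""

# Assumed line shapes: ACL definitions start in column 0, bindings are indented.
ACL_DEF = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
IFACE = re.compile(r"^interface (.+)$")
BINDING = re.compile(r"^\s*ip access-group (\S+) (in|out)\b")


def audit_acl_bindings(config_text):
    """Return (defined ACL names, {interface: [(acl, direction)]}, findings)."""
    defined, bindings, current = set(), {}, None
    for line in config_text.splitlines():
        if m := ACL_DEF.match(line):
            defined.add(m.group(1))
            current = None              # an ACL stanza ends any interface stanza
        elif m := IFACE.match(line):
            current = m.group(1).strip()
            bindings[current] = []
        elif line.strip() == "!":
            current = None              # "!" closes the current stanza
        elif current and (m := BINDING.match(line)):
            bindings[current].append((m.group(1), m.group(2)))
    findings = []
    for iface, bound in bindings.items():
        if not bound:
            findings.append((iface, "no ip access-group binding"))
        for acl, direction in bound:
            if acl not in defined:      # name given in a remark is not an ACL name
                findings.append((iface, f"{acl} ({direction}) is not a defined ACL name"))
    return defined, bindings, findings

if __name__ == "__main__":
    for iface, problem in audit_acl_bindings(SAMPLE_CONFIG)[2]:
        print(f"{iface}: {problem}")
```

The check only compares names within the text it is given; it says nothing about how the switch itself treats a binding to an undefined ACL.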