ICX7150-48P TCP established ACL not working as expected

suddenwolf
New Contributor

Hi, I'm running into a weird issue after upgrading from a Brocade ICX6450 to a Ruckus ICX7150.

I have the following ACL that I transferred from the 6450:

ip access-list extended no_internal_access
 permit tcp any any established
 permit tcp any host 10.20.1.20 eq http
 permit tcp any host 10.20.1.20 eq ssl
 permit tcp any host 10.20.1.50 eq dns
 permit tcp any host 10.20.1.60 eq dns
 permit udp any host 10.20.1.50 eq dns
 permit udp any host 10.20.1.60 eq dns
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 192.168.100.0 0.0.0.255
 permit ip any any

I have this ACL applied to a guest VLAN, 98. On the 6450, the ACL is applied "in" on VE98 and everything works as expected. I installed the ACL onto the 7150 and applied the ACL "in" on VLAN 98, since that is how it is now done. However, on the 7150, HTTP and even RDP work to hosts in the 10.0.0.0/8 range in many cases. The ACL is doing something, since ICMP does not work. I tried a simple ACL with just an allow established rule and the deny ip rules, and it seems to be the established rule type that is causing the problem. Removing it solves the problem.

Is this expected behavior, or is there something I am missing on the 7150 that would make this not work as it does on the 6450? It is running 08.0.95m. Thanks in advance!
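To reason about what the ACL above should and should not let through, here is a small first-match evaluator written for this thread (added example; it is not the poster's code and not Ruckus or Brocade code). It models the `established` keyword with its conventional meaning in extended ACLs: a TCP segment matches only if the ACK or RST flag is set, so a fresh SYN from the guest VLAN does not match the first rule and falls through to the `deny ip any 10.0.0.0 0.255.255.255` line. The `honour_established=False` switch is a hypothetical model of a platform that treats the rule as plain `permit tcp any any`; it is there to show which packets would then slip past the internal deny lines, not a statement about how the ICX7150 firmware actually behaves. Hosts and ports in the sample packets are constructed; wildcard masks from the ACL are written as CIDR.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str            # source address (guest host, since the ACL is inbound on VLAN 98)
    dst: str            # destination address
    dport: int = 0      # destination port; ignored for icmp
    ack: bool = False   # TCP ACK flag
    rst: bool = False   # TCP RST flag


# The poster's ACL, one tuple per line: (action, proto, dst_net, dst_port, established)
# "host x" -> x/32, "any" -> 0.0.0.0/0, wildcard 0.255.255.255 -> /8, 0.0.0.255 -> /24
# http=80, ssl=443, dns=53 are the standard keyword-to-port mappings.
NO_INTERNAL_ACCESS = [
    ("permit", "tcp", "0.0.0.0/0",        None, True),   # permit tcp any any established
    ("permit", "tcp", "10.20.1.20/32",    80,   False),  # permit tcp any host 10.20.1.20 eq http
    ("permit", "tcp", "10.20.1.20/32",    443,  False),  # permit tcp any host 10.20.1.20 eq ssl
    ("permit", "tcp", "10.20.1.50/32",    53,   False),  # permit tcp any host 10.20.1.50 eq dns
    ("permit", "tcp", "10.20.1.60/32",    53,   False),  # permit tcp any host 10.20.1.60 eq dns
    ("permit", "udp", "10.20.1.50/32",    53,   False),  # permit udp any host 10.20.1.50 eq dns
    ("permit", "udp", "10.20.1.60/32",    53,   False),  # permit udp any host 10.20.1.60 eq dns
    ("deny",   "ip",  "10.0.0.0/8",       None, False),  # deny ip any 10.0.0.0 0.255.255.255
    ("deny",   "ip",  "192.168.100.0/24", None, False),  # deny ip any 192.168.100.0 0.0.0.255
    ("permit", "ip",  "0.0.0.0/0",        None, False),  # permit ip any any
]


def evaluate(pkt, rules=NO_INTERNAL_ACCESS, honour_established=True):
    """Return the action of the first rule matching pkt, or 'deny' (implicit deny).

    honour_established=True  -> 'established' matches only TCP with ACK or RST set
    honour_established=False -> hypothetical platform that ignores the flags
    """
    for action, proto, net, dport, established in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if ip_address(pkt.dst) not in ip_network(net):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if established and honour_established and not (pkt.ack or pkt.rst):
            continue
        return action
    return "deny"


# Constructed sample traffic from a guest host towards internal and external addresses.
SAMPLES = {
    "guest SYN to internal HTTP":     Packet("tcp", "10.98.0.10", "10.0.5.5", 80),
    "guest SYN to internal RDP":      Packet("tcp", "10.98.0.10", "10.0.5.5", 3389),
    "guest ICMP to internal host":    Packet("icmp", "10.98.0.10", "10.0.5.5"),
    "guest SYN to allowed web host":  Packet("tcp", "10.98.0.10", "10.20.1.20", 443),
    "guest UDP DNS to allowed host":  Packet("udp", "10.98.0.10", "10.20.1.50", 53),
    "guest SYN to 192.168.100.0/24":  Packet("tcp", "10.98.0.10", "192.168.100.5", 22),
    "guest SYN to the Internet":      Packet("tcp", "10.98.0.10", "203.0.113.9", 443),
}


def compare(samples=SAMPLES):
    """Evaluate every sample under both models; returns {name: (flags honoured, flags ignored)}."""
    return {name: (evaluate(p), evaluate(p, honour_established=False))
            for name, p in samples.items()}


if __name__ == "__main__":
    print(f"{'packet':32} {'flags honoured':15} flags ignored")
    for name, (strict, loose) in compare().items():
        print(f"{name:32} {strict:15} {loose}")
```

The comparison makes the failure mode visible: with `established` honoured, every guest-originated SYN into 10.0.0.0/8 reaches the deny line, while with the flags ignored the first rule permits any TCP segment, so only non-TCP traffic such as ICMP is still blocked, which is exactly the symptom pattern described above. The same evaluator can be used to check a candidate reordering (for example, placing the internal deny lines ahead of the `established` rule) against the same sample packets before it is applied on the switch.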
