Hello, I have 10 Brocade ICX 6450 switches, and I have an ACL like the following:

Standard IP access list port5: 2 entries
 permit host x.x.x.x
 deny any

Then I applied it to a switch port which is connected to x.x.x.x, and when I send a TCP SYN attack with random sources I see all sources dropped at the port level, but sources like 220.127.116.11 reach my router!
Why does the access list not block multicast IPs?! It's really strange, because I have deny any at the end of my access list! So can anyone help me with this? Thanks.
Well, you aren't going to like this... I cannot find that option on either a 6450 or a 6610 running 08030sa.
I can find it on an ICX 7450, which of course is running a different branch of code... 08070b is what I have installed. Of course, the ICX 64XX is limited to 08030x
Maybe someone else can chime in. Otherwise, maybe you can drop this at the router. If you are dropping it out-bound, you would want to try an extended access list anyway...
Lastly, you can get rid of the "deny ip any" statement at the end. That is already implied.
Usually on switches, you don't apply ACLs on physical interfaces anyway. Where I am going with this is that they typically run on Layer-3 interfaces. If you put an IP address on an interface, well then... go ahead and attach an ACL. Otherwise the common place to put it would be on the SVI, the "interface ve 123" interface.
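The points in the reply above, written out as FastIron CLI. This is an added example, not configuration posted in the thread; the host address 10.0.0.5, the port 1/1/5, the VE number 123 and the ACL names are assumed for illustration, and the TCP ports in the extended ACL are placeholders for whatever the host actually serves.

```text
! Standard named ACL: permit one host. Everything else is dropped by the
! implicit deny at the end of every ACL, so no explicit "deny any" is needed.
ip access-list standard port5
 permit host 10.0.0.5

! What the original poster did: bind it inbound on the physical port.
interface ethernet 1/1/5
 ip access-group port5 in

! Where the reply suggests filtering instead: the routed (VE) interface
! that carries the IP address for that VLAN.
interface ve 123
 ip address 10.0.0.1 255.255.255.0
 ip access-group port5 in

! Extended ACL, if you want to filter on protocol and port as well as address.
! The explicit deny here exists only so that dropped traffic can be logged;
! without the "log" keyword it is redundant with the implicit deny.
ip access-list extended port5-ext
 permit tcp any host 10.0.0.5 eq 443
 permit tcp any host 10.0.0.5 eq 22
 deny ip any any log
```

After binding the ACL, `show access-list accounting` (where the platform supports it) or the deny log messages are the quickest way to confirm which rule the unwanted sources are actually matching.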