cancel
Showing results for 
Search instead for 
Did you mean: 

ACL Adding a access-group to a interface not selectable ??

JayWM
New Contributor

Hello,  I believe this to be a CLI command line bug.

I have done this before successfully but can't remember how you do this 

Config:

ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any
!

BUT! 

When I try and add it to the Inf it doesn't add it but drops me into building the ACL

See:

(config)#interface ethernet 2/1/3

config-if-e1000-2/1/3)#ip access-list extended Block_CapWap
SW(config-ext-nacl)#

****Here you can see it applied to a working interface.***

ip access-list extended 100
remark Block_CapWap
sequence 10 deny udp any any eq 5246
sequence 20 deny udp any any eq 5247
sequence 30 permit ip any any

Show Int e 1/1/23

interface ethernet 1/1/23
port-name WiFi CGP_Ticket_EX~
loop-detection
dual-mode 750
ip access-group Block_CapWap in
spanning-tree 802-1w admin-edge-port
inline power power-by-class 4
stp-bpdu-guard
trust dscp
sflow forwarding
sflow sample 4096
snmp-server enable traps mac-notification

 

 

 

Thx

JM

 

 

 

 

1 ACCEPTED SOLUTION

Hey all, 

We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:

BenBeck_0-1657299631465.png

Some additional references:

https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-1B76BE6F-8F28-43DB-A59E-2A3...

https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-6BD70996-ADEB-4B59-A701-F52...

 

 

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us

View solution in original post

3 REPLIES 3

Xfeldt
New Contributor II

Hmm now I haven't used ACL on a Ruckus switch, but what strikes me is that when you see the, then it is a access group that have been applied on the interface, so maybe it is like Cisco, where you create an access list, but apply it as an access group ?

Yep, that’s the answer. You can see it in the config. If in doubt, try using Cisco commands - most vendors ape them. 

Hey all, 

We do also use the ip access-group command to apply ACLs. Here's an example from our Security guide:

BenBeck_0-1657299631465.png

Some additional references:

https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-1B76BE6F-8F28-43DB-A59E-2A3...

https://docs.commscope.com/bundle/fastiron-08090-securityguide/page/GUID-6BD70996-ADEB-4B59-A701-F52...

 

 

Ben Beck, RCNA, RCNI, Principal Technical Support Engineer
support.ruckuswireless.com/contact-us