This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

System L2ACL Issues - R510

Go to solution
Mouse6213
New Contributor II

‎09-23-2023 08:50 PM

Hi folks--

I'm having issues with my Unleashed R510 and L2ACL.  Up until earlier today I had an L2ACL (we'll call it Deny) assigned to a specific SSID.  At a particular point I unblocked a device that was going to be used again (that was not on the Deny L2ACL) via the Unleashed app, and then noticed every entry in the Deny L2ACL was now being blocked on each SSID.  

I then logged into the web UI to check the config, and removed the ACL within the UI, yet the devices were still being shown as blocked in the client list.  I've power-cycled the unit, upgraded and downgraded, seemingly everything but a factory reset.  

To the subject, though:  After getting a chance to log into the AP via the CLI, I've confirmed that all of the entries in the Deny L2ACL are now in the System L2ACL, and I have not been able to edit the System L2ACL via CLI or otherwise.  

Does anyone know how to edit the System L2ACL?  Or how to resolve this issue otherwise?  (I would obviously prefer not to do a factory reset.)

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
syamantakomer
Community Admin
Community Admin

‎10-04-2023 02:54 PM

Hi @Mouse6213,

If you block a client directly from the web UI under clients, it will become the part of global L2ACL block list and blocked users cannot connect to any SSID. This is as per design.

Try below online doc which has CLI command to unblock a client, see if that helps.

https://docs.commscope.com/bundle/unleashed-200.13-commandref/page/GUID-B2B99E07-ACEA-4DA2-9649-94E8... 


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

View solution in original post

8 REPLIES 8

Go to solution
Mouse6213
New Contributor II

‎09-30-2023 04:13 PM

Hi folks--

Anyone have any ideas on this?  I've asked some folks offline tied to Ruckus/Commscope, and they, too, have been stumped.

Mouse6213_0-1696115474737.png

This is what I see via terminal (MAC addresses removed).  I still have not found a way to remove items from the L2ACL, which really does strike me as an odd situation to have.  Happens with most recent firmware and a step down.  

0 Kudos

Go to solution
sanjay_kumar
RUCKUS Team Member
In response to Mouse6213

‎10-01-2023 06:30 PM

Hi @Mouse6213 

Can you try the below steps from the CLI:

To delete the ACL policy:
ruckus(config)# no l2acl <ACL name>
Example: ruckus(config)# no l2acl ACL
ruckus(config-l2acl)# end

To delete just the MAC entries and not the ACL policy:

ruckus# config
ruckus(config)# l2acl <Enter the L2 MAC ACL name>
ruckus(config-l2acl)# del-mac <MAC> -----> Deletes a MAC address from the L2 ACL.
ruckus(config-l2acl)# end

Let me know if this works.

0 Kudos

Go to solution
Mouse6213
New Contributor II
In response to sanjay_kumar

‎10-09-2023 02:47 PM

Hi @sanjay_kumar --

Unfortunately, since these were somehow added to the System L2ACL, I'm not able to update that policy even in privileged.  

Mouse6213_0-1696887663635.png

 

 

0 Kudos

Go to solution
sanjay_kumar
RUCKUS Team Member
In response to Mouse6213

‎10-10-2023 01:14 AM

Hi @Mouse6213 
If you go to Clients Tab >> You can see the list of clients, do you also see the clients here which you can see from the CLI System L2acl?

If yes, you can select it >> Click on More >> Click on Unblock. 
This will remove the entry from the System L2acl. I just tried and it worked.

Please check and let me know.

If it is not working, please let me know the exact steps to reproduce the issue so that I can try.

0 Kudos
Copyright © 2024 Khoros, LLC