
Author Topic: ACL on DES-3200-28  (Read 11635 times)

markkrj

  • Level 1 Member
  • *
  • Posts: 4
ACL on DES-3200-28
« on: July 31, 2014, 09:48:14 AM »

Hello,

I need to create an ACL blocking TCP ports 23 and 22 (telnet and SSH) and UDP port 161 (SNMP). I have already tried on other models, but with this one in particular I'm having trouble. I have about 4 subnets for which I want to allow traffic on those ports and block the rest.

What I did was just:

Code:
create access_profile ip source_ip_mask 255.255.240.0 tcp dst_port_mask 0xFFFF profile_id 1
config access_profile profile_id 1 add access_id 100 ip tcp dst_port 23 port all deny
config access_profile profile_id 1 add access_id 101 ip tcp dst_port 22 port all deny
config access_profile profile_id 1 add access_id 1 ip source_ip 111.111.111.0 tcp dst_port 23 port all permit
config access_profile profile_id 1 add access_id 2 ip source_ip 222.222.222.0 tcp dst_port 23 port all permit
config access_profile profile_id 1 add access_id 3 ip source_ip 111.111.111.0 tcp dst_port 22 port all permit
config access_profile profile_id 1 add access_id 4 ip source_ip 222.222.222.0 tcp dst_port 22 port all permit

And so on, but it simply doesn't work like on the other models... On this switch, to get it working I need to enable cpu_interface_filtering and then create a cpu access_profile exactly like the above, and it works, but the problem is that for normal ACLs I can create 512 with 65535 rules, and for CPU ACLs I can have 3 with 5 rules each.

Has anyone faced this problem already?

In my tests I could block all ICMP ping requests with:

Code:
create access_profile packet_content_mask offset1 l4 0 0xFFFF profile_id 1
config access_profile profile_id 1 add access_id 10 packet_content offset1 0x800 port all deny

This was the only normal ACL that worked on the DES-3200..
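The following is an added example, not code from the post or from D-Link, that walks the posted rule set through a simple ACL evaluator so you can see what each packet type would hit. It assumes two things about the switch that are not stated in the thread: that rules inside a profile are evaluated lowest access_id first (first match wins), and that a packet matching no rule is permitted by default. The rule text is a constructed copy of the commands in the post, and the packet_content check mirrors the second profile (offset1 l4 0 0xFFFF, content 0x800). One thing the walkthrough makes visible is that profile 1 is declared `ip ... tcp`, so UDP 161 (SNMP) is never inspected by it at all.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed copy of the rules posted in the thread (profile 1).
PROFILE_MASK = "255.255.240.0"  # source_ip_mask from the posted create access_profile line

POSTED_RULES = """
config access_profile profile_id 1 add access_id 100 ip tcp dst_port 23 port all deny
config access_profile profile_id 1 add access_id 101 ip tcp dst_port 22 port all deny
config access_profile profile_id 1 add access_id 1 ip source_ip 111.111.111.0 tcp dst_port 23 port all permit
config access_profile profile_id 1 add access_id 2 ip source_ip 222.222.222.0 tcp dst_port 23 port all permit
config access_profile profile_id 1 add access_id 3 ip source_ip 111.111.111.0 tcp dst_port 22 port all permit
config access_profile profile_id 1 add access_id 4 ip source_ip 222.222.222.0 tcp dst_port 22 port all permit
"""

RULE_RE = re.compile(
    r"add access_id (?P<id>\d+) ip(?: source_ip (?P<src>\S+))? "
    r"(?P<proto>tcp|udp) dst_port (?P<port>\d+) port all (?P<action>permit|deny)"
)


@dataclass
class Rule:
    access_id: int
    src_net: Optional[ipaddress.IPv4Network]  # None means "any source"
    proto: str
    dst_port: int
    action: str


def parse_rules(text: str, mask: str):
    """Parse the posted 'config access_profile ... add access_id' lines.

    The profile-level source_ip_mask is applied to every rule's source_ip,
    which is how the mask on the create access_profile line behaves."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue
        src = None
        if m["src"]:
            # 111.111.111.0 with mask 255.255.240.0 becomes 111.111.96.0/20
            src = ipaddress.IPv4Network(f"{m['src']}/{mask}", strict=False)
        rules.append(Rule(int(m["id"]), src, m["proto"], int(m["port"]), m["action"]))
    # Assumption: lowest access_id is evaluated first, first match wins.
    return sorted(rules, key=lambda r: r.access_id)


def evaluate(rules, src_ip: str, proto: str, dst_port: int,
             default: str = "permit") -> Tuple[str, Optional[int]]:
    """Return (action, matching access_id) for one packet; (default, None) if nothing matches.
    Assumption: unmatched traffic is permitted (the 'default' argument)."""
    ip = ipaddress.IPv4Address(src_ip)
    for r in rules:
        if r.proto != proto or r.dst_port != dst_port:
            continue
        if r.src_net is not None and ip not in r.src_net:
            continue
        return r.action, r.access_id
    return default, None


def packet_content_match(l4_bytes: bytes, offset: int, mask: int, value: int) -> bool:
    """Mirror of the posted packet_content profile: compare 2 bytes at an L4 offset under a mask.
    offset1 l4 0 0xFFFF with content 0x800 matches ICMP type 8, code 0 (echo request)."""
    field = int.from_bytes(l4_bytes[offset:offset + 2], "big")
    return (field & mask) == (value & mask)


def walkthrough():
    """Evaluate a few constructed packets against the posted rules."""
    rules = parse_rules(POSTED_RULES, PROFILE_MASK)
    return {
        "telnet_from_allowed": evaluate(rules, "111.111.111.5", "tcp", 23),
        "ssh_from_allowed": evaluate(rules, "222.222.222.9", "tcp", 22),
        "telnet_from_other": evaluate(rules, "10.0.0.1", "tcp", 23),
        "ssh_from_other": evaluate(rules, "10.0.0.1", "tcp", 22),
        # Profile 1 is 'ip ... tcp' only, so UDP 161 never reaches a rule.
        "snmp_from_other": evaluate(rules, "10.0.0.1", "udp", 161),
        # Constructed ICMP headers: echo request (type 8) and echo reply (type 0).
        "icmp_echo_request": packet_content_match(bytes([8, 0, 0x12, 0x34]), 0, 0xFFFF, 0x0800),
        "icmp_echo_reply": packet_content_match(bytes([0, 0, 0x12, 0x34]), 0, 0xFFFF, 0x0800),
    }


if __name__ == "__main__":
    for name, result in walkthrough().items():
        print(f"{name}: {result}")
```

Under these assumptions the allowed subnets are permitted by rules 1 to 4 before the deny rules 100 and 101 are reached, everything else on 22/23 is denied, and SNMP on UDP 161 passes untouched because the profile only classifies TCP; a separate UDP profile (or a cpu access_profile for traffic aimed at the switch itself, as the post describes) would be needed for that port.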