OK so this is why I am thinking of moving away from 3COM...
I set up the following ACL on a switch:

acl number 3005
 description DHCP traffic only
 rule 0 permit udp destination-port eq bootpc
 rule 1 permit udp destination-port eq bootps
 rule 2 deny ip

and applied it using

[switch] packet-filter vlan 17 inbound ip-address 3005

as you can't apply ACLs to VLAN interfaces on many of the older 3COM switches.
Now I expected this would prevent all incoming traffic from VLAN 17, apart from DHCP/BOOTP, from reaching any other VLANs; that seems to me to be how the logic reads.
However, what actually happened was it stopped traffic on every VLAN travelling across the switch. Even worse, this is a core device, so it took down half the network. Thankfully I had a console link already established to the switch, so I could take it back off and got everything back up within a few minutes.

I read the command above as "filter all traffic coming in from VLAN 17 against the access rule", so why did it shut down the whole network? When I am working with a network I want simple, clear logic that makes sense!
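The following is an added example, not code from the original post or from 3Com; it is a small simulator for checking an ACL's logic offline before it goes onto a core device. It transcribes the posted ACL 3005 with first-match semantics, then evaluates a few constructed packets under two scopes: the one the poster read into the command (only frames arriving in VLAN 17 are filtered) and, as a labelled hypothesis rather than a confirmed explanation of the outage, a scope in which the filter is attached to every physical port that is a member of VLAN 17, trunk ports included. The port/VLAN table, port names and sample packets are constructed for the example, and the "permit when no rule matches" default is an assumption.

```python
"""ACL 3005 simulator (added example, not part of the original post).

First-match evaluation of the posted ACL, plus two ways of scoping the
packet-filter: per VLAN (the poster's reading) and per member port
(a hypothesis, not a confirmed description of the 3Com behaviour).
"""
from dataclasses import dataclass
from typing import Optional

BOOTPS = 67  # UDP port "bootps" (DHCP server)
BOOTPC = 68  # UDP port "bootpc" (DHCP client)


@dataclass(frozen=True)
class Packet:
    vlan: int
    ingress_port: str
    proto: str                    # "udp", "tcp" or "icmp"
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "udp", "tcp" or "ip" ("ip" matches everything)
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


# Transcription of the posted ACL 3005, in rule-number order.
ACL_3005 = [
    Rule("permit", "udp", BOOTPC),  # rule 0 permit udp destination-port eq bootpc
    Rule("permit", "udp", BOOTPS),  # rule 1 permit udp destination-port eq bootps
    Rule("deny", "ip"),             # rule 2 deny ip
]


def evaluate(acl, pkt: Packet, default: str = "permit") -> str:
    """First matching rule wins. The default for an unmatched packet is an
    assumption; it never triggers for ACL 3005 because 'deny ip' matches all."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed port membership for a hypothetical core switch.
PORT_VLANS = {
    "GE1/0/1": {17},            # access port in VLAN 17
    "GE1/0/24": {10, 17, 20},   # trunk carrying VLAN 17 alongside other VLANs
    "GE1/0/2": {10},            # access port in VLAN 10, not a VLAN 17 member
}


def filter_applies(pkt: Packet, scope: str, filtered_vlan: int = 17) -> bool:
    """'vlan': only frames tagged VLAN 17 are filtered (the poster's reading).
    'member-ports': hypothesis that the ACL binds to every port in VLAN 17,
    so frames from other VLANs on those ports are filtered too."""
    if scope == "vlan":
        return pkt.vlan == filtered_vlan
    if scope == "member-ports":
        return filtered_vlan in PORT_VLANS[pkt.ingress_port]
    raise ValueError(f"unknown scope {scope!r}")


def decide(pkt: Packet, scope: str) -> str:
    if not filter_applies(pkt, scope):
        return "permit"           # filter not in the packet's path at all
    return evaluate(ACL_3005, pkt)


# Constructed sample packets.
SAMPLE = {
    "dhcp discover from vlan17 client": Packet(17, "GE1/0/1", "udp", BOOTPS),
    "dhcp reply arriving on vlan17 trunk": Packet(17, "GE1/0/24", "udp", BOOTPC),
    "http from vlan17": Packet(17, "GE1/0/1", "tcp", 80),
    "http from vlan10 on trunk": Packet(10, "GE1/0/24", "tcp", 80),
    "dns from vlan10 on access port": Packet(10, "GE1/0/2", "udp", 53),
}


def run(scope: str) -> dict:
    """Verdict for every sample packet under the given filter scope."""
    return {name: decide(pkt, scope) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for scope in ("vlan", "member-ports"):
        print(f"== filter scope: {scope}")
        for name, verdict in run(scope).items():
            print(f"  {verdict:6}  {name}")
```

Under the "vlan" scope only VLAN 17's non-DHCP traffic is dropped, which is the behaviour the post expected; under the "member-ports" hypothesis, VLAN 10 traffic entering on the trunk that also carries VLAN 17 is dropped as well, while VLAN 10 traffic on a port outside VLAN 17 is untouched. Checking the vendor's documentation for which of the two scopes `packet-filter vlan` actually uses on a given model is the step to take before applying an ACL ending in `deny ip` to a core switch.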