Options
3COM packet filtering issue
OK so this is why I am thinking of moving away from 3COM...
I set up the following ACL on a switch
and applied it using
Now I expected this would prevent all incoming traffic from VLAN 17 apart from DHCP/Boot to any other vlans, that seems to me how the logic reads.
[FONT=Droid Serif, Georgia, Times New Roman, serif]However what actually happened was it stopped traffic on ever vlan traveling across the switch, even worse this a core device so took down half the network. Thankfully I had a console link already established to the switch so could take it back of and got every thing back up with in a few minutes.
[/FONT]
[FONT=Droid Serif, Georgia, Times New Roman, serif]I read the command above as filter all traffic coming in from VLAN 17 aginst the access rule, so why did it shut down the whole network? When I am working with a network I want simple clear logic that makes sence! [/FONT]
I set up the following ACL on a switch
[FONT=Droid Serif]acl number 3005[/FONT] [FONT=Droid Serif] description DHCP traffic only[/FONT] [FONT=Droid Serif] rule 0 permit udp destination-port eq bootpc[/FONT] [FONT=Droid Serif] rule 1 permit udp destination-port eq bootps[/FONT] [FONT=Droid Serif] rule 2 deny ip[/FONT]
and applied it using
[FONT=Droid Serif][switch]Packet-filter vlan 17 inbound ip-address 3005. [/FONT], as you can't apply ACL's to VLAN interfaces on many of the older 3COM switches.
Now I expected this would prevent all incoming traffic from VLAN 17 apart from DHCP/Boot to any other vlans, that seems to me how the logic reads.
[FONT=Droid Serif, Georgia, Times New Roman, serif]However what actually happened was it stopped traffic on ever vlan traveling across the switch, even worse this a core device so took down half the network. Thankfully I had a console link already established to the switch so could take it back of and got every thing back up with in a few minutes.
[/FONT]
[FONT=Droid Serif, Georgia, Times New Roman, serif]I read the command above as filter all traffic coming in from VLAN 17 aginst the access rule, so why did it shut down the whole network? When I am working with a network I want simple clear logic that makes sence! [/FONT]
- If you can't explain it simply, you don't understand it well enough. Albert Einstein
- An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
Linkin Profile - Blog: http://Devilwah.com