No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ip-car configuration一advanced acl lead to the limit do not work

Publication Date:  2012-10-26 Views:  59 Downloads:  0
Issue Description
Basic configuration roughly as follows:
acl 2000
    rule permit
acl 3000
    rule 5 permit ip source 192.168.1.1 0
   rule 10 deny ip
firewall car-class 1 10000
firewall zone trust
     ip-car enable
     ip-car outzone 1 acl-number 2000
     ip-car outzone filter acl-number 3000
Alarm Information
none
Handling Process
Undo the last acl deny ip of the advanced acl, namely:
acl 3000
     undo rule 10 deny  ip
Root Cause
This configuration not only configured the basic acl, also configured advanced acl. And advanced acl finally has a deny any.
Once configured with advanced acl, then IP - car will check from advanced acl first, if check  deny, then end.
Thus if the customer use 192.168.2.1 to access, IP - car won't limit
Suggestions
none

END