Hello Pheko Mamabolo, the SecureStacks do not support the "established" keyword, and they do not support to match on specific ICMP type / code. Thus you need to enable all of ICMP. The extended ACL from your first email looks good, but it is bound to the wrong interface.
The SecureStacks support inbound ACLs only, so you need to bind the ACL to the interface where the traffic enters the switch. You bound it to the interface where the traffic exits the switch. Best regards, Erik Auerswald -- Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ [email protected] T:+49-631-4149988-0 M:+49-176-64228513 Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote: > Hi Enterasys Community, > > Please advise on how to enable ICMP reply from Enterasys B5G124-24 after > applying an extended access -list as it does not support command ip > access-list extended 'established' command. > Our challenge is it not allowing us to receive ICMP reply after setting the > access list. I checked on different chassis the Enterasys S4 and on this it > works as the command ip access-list extended with established is supported > however not on the B5G124-24 please advise on a work around. > > With best regards, > Pheko Mamabolo > > Siemens (Proprietary) Limited > Global Service Information Technology > IT Infrastructure Service Delivery > Regions Asia, Pacific, Middle East and Africa > Operational Service Back End Essential > GS IT IN SD R AAE OPS BEE > Tel.: +27 11 652-2938 > Fax: +27 86 506-6018 > Mobil: +27 82 487-9822 > mailto:[email protected] > > From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL) > [mailto:[email protected]] > Sent: 13 January 2016 02:51 PM > To: Enterasys Customer Mailing List > Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN) > Subject: RE:[Enterasys] Access - List Query I do not receive ICMP reply after > applying my access list > > Dears, > > Please assist I am not able to receive ICMP echo reply after applying ACL > that specifically permits certain networks to do this. > An example of my access list > > access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67 > interface vlan 431 > ip access-group 111 in sequence 1 > ip address 67.67.67.67 > > I have also applied ip ICMP redirect enable globally and also on the > interface. > > Is there some type established command missing and what is the syntax as the > B5 Layer 3 switch I am working on is not supporting such a command. > > "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not > available on the B5G124-24 switch? > > Please advise!! > > With best regards, > Pheko Mamabolo > > Siemens (Proprietary) Limited > Global Service Information Technology > IT Infrastructure Service Delivery > Regions Asia, Pacific, Middle East and Africa > Operational Service Back End Essential > GS IT IN SD R AAE OPS BEE > Tel.: +27 11 652-2938 > Fax: +27 86 506-6018 > Mobil: +27 82 487-9822 > mailto:[email protected] > > > > ------------------------------------ > Disclaimer and Confidentiality Note > This e-mail communication, its attachments, if any, and any rights attaching > to it are, unless the context clearly indicates otherwise, the property of > Siemens (Pty) Ltd. It is confidential, private and intended for the addressee > only. If you are not the intended recipient and receive this communication in > error, you are hereby notified that any review, copying, use, discloser or > distribution in any manner whatsoever is strictly prohibited. Please notify > the sender immediately that you have received this e-mail in error and delete > the e-mail and any copies of it. Views and opinions expressed in this e-mail > are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. > Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and > howsoever incurred or suffered resulting or arising from the use of this > e-mail communication and/or its attachments. Siemens (Pty) Ltd does not > warrant the integrity of this e-mail communication nor that it is free of > errors, viruses, interception or interference. Siemens (Pty) Ltd, its > divisions and subsidiary companies ("Siemens") expressly excludes sections > 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of > 2002 ("the ECT") in respect of e-contracting. No data message or electronic > communication will be recognised as having a legal contractual status under > the ECT Act. All agreements concluded by Siemens will only be legally binding > when reduced to physical writing and physically signed by a duly authorised > representative of Siemens. For more information about Siemens (Pty) Ltd, > visit our website at www.siemens.com<http://www.siemens.com> > > Siemens (Proprietary) Limited (Incorporated in South Africa) > South African Company Registration Number: 1923/007514/07 > Registered Address: 300 Janadel Avenue, Halfway House 1685 > VAT Registration Number: 4790104428 > Chairman: KJ Helmrich* > Chief Executive Officer: SU Dall'Omo* > Chief Financial Officer: SJ Mueller* > Executive Director: R Nkuhlu, C Klaas > Non-Executive Directors: TK Rathmann*; Dr MI Survé > Alternate Directors: I Amod; MK Becker* > * German > > ------------------------------------ > > * --To unsubscribe from Enterasys, send email to > [email protected]<mailto:[email protected]> with the body: unsubscribe > Enterasys [email protected]<mailto:[email protected]> > > ------------------------------------ > Disclaimer and Confidentiality Note > This e-mail communication, its attachments, if any, and any rights attaching > to it are, unless the context clearly indicates otherwise, the property of > Siemens (Pty) Ltd. It is confidential, private and intended for the addressee > only. If you are not the intended recipient and receive this communication in > error, you are hereby notified that any review, copying, use, discloser or > distribution in any manner whatsoever is strictly prohibited. Please notify > the sender immediately that you have received this e-mail in error and delete > the e-mail and any copies of it. Views and opinions expressed in this e-mail > are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. > Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and > howsoever incurred or suffered resulting or arising from the use of this > e-mail communication and/or its attachments. Siemens (Pty) Ltd does not > warrant the integrity of this e-mail communication nor that it is free of > errors, viruses, interception or interference. Siemens (Pty) Ltd, its > divisions and subsidiary companies ("Siemens") expressly excludes sections > 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of > 2002 ("the ECT") in respect of e-contracting. No data message or electronic > communication will be recognised as having a legal contractual status under > the ECT Act. All agreements concluded by Siemens will only be legally binding > when reduced to physical writing and physically signed by a duly authorised > representative of Siemens. For more information about Siemens (Pty) Ltd, > visit our website at www.siemens.com > > Siemens Proprietary Limited (Incorporated in South Africa) > Company Registration Number: 1923/007514/07 > Registered Address: 300 Janadel Avenue, Halfway House 1685 > VAT Registration Number: 4790104428 > Chairman: KJ Helmrich* > Chief Executive Officer: SU Dall'Omo* > Chief Financial Officer: SJ Mueller* > Executive Director: R Nkuhlu, C Klaas > Non-Executive Directors: TK Rathmann*; Dr MI Survé > Alternate Directors: I Amod; MK Becker* > Company Secretary: U Akwiwu > * German > > ------------------------------------ > > --- > To unsubscribe from enterasys, send email to [email protected] with the body: > unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
