Hello Pheko, you can (and probably should) apply the ACL on the Vlan Interface where the traffic enters. Say VLAN 47 is used for the routed connection to the WAN, and the local systems are in VLAN 431. To allow ICMP from the WAN to the local systems, you need to apply ACL 111 on interface Vlan 47.
interface vlan 47 ip address <Transfer-to-WAN> ip access-group 111 in If both communication parties are local, say VLANs 431 and 531, you would need to apply the ACL to allow ICMP to VLAN 431 (inbound) on interface Vlan 531, and vice versa. Best regards, Erik -- Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ [email protected] T:+49-631-4149988-0 M:+49-176-64228513 Gesellschaft für Fundamental Generic Networking mbH Geschäftsführung: Volker Bauer, Jörg Mayer Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 On Wed, Jan 27, 2016 at 10:30:35AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote: > Hi Erik, > > Thank you for the feedback it is much appreciated. > > If understand right you suggest I apply it like the following; > > access-list interface 111 ge.2.3 in sequence 1 > > and not > > interface vlan 431 > ip access-group 111 in sequence 1 > > With best regards, > Pheko Mamabolo > > Siemens (Proprietary) Limited > Global Service Information Technology > IT Infrastructure Service Delivery > Regions Asia, Pacific, Middle East and Africa > Operational Service Back End Essential > GS IT IN SD R AAE OPS BEE > Tel.: +27 11 652-2938 > Fax: +27 86 506-6018 > Mobil: +27 82 487-9822 > mailto:[email protected] > > -----Original Message----- > From: Erik Auerswald [mailto:[email protected]] > Sent: 27 January 2016 12:23 PM > To: [email protected] > Cc: Mamabolo, Pheko (GS IT IN SD AAE OPS COL); Caeiro, Jorge; Guemadi, > Mohamed-Lamine (GS IT R AAE BN BAN) > Subject: Re: [enterasys] Access - List Query no ICMP reply after applying > access list > > Hello Pheko Mamabolo, > > the SecureStacks do not support the "established" keyword, and they do not > support to match on specific ICMP type / code. Thus you need to enable all of > ICMP. The extended ACL from your first email looks good, but it is bound to > the wrong interface. > > The SecureStacks support inbound ACLs only, so you need to bind the ACL to > the interface where the traffic enters the switch. You bound it to the > interface where the traffic exits the switch. > > Best regards, > Erik Auerswald > -- > Dipl.-Inform. Erik Auerswald http://www.fg-networking.de/ > [email protected] T:+49-631-4149988-0 M:+49-176-64228513 > > Gesellschaft für Fundamental Generic Networking mbH > Geschäftsführung: Volker Bauer, Jörg Mayer > Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630 > > On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE > OPS COL) wrote: > > Hi Enterasys Community, > > > > Please advise on how to enable ICMP reply from Enterasys B5G124-24 after > > applying an extended access -list as it does not support command ip > > access-list extended 'established' command. > > Our challenge is it not allowing us to receive ICMP reply after setting the > > access list. I checked on different chassis the Enterasys S4 and on this it > > works as the command ip access-list extended with established is supported > > however not on the B5G124-24 please advise on a work around. > > > > With best regards, > > Pheko Mamabolo > > > > Siemens (Proprietary) Limited > > Global Service Information Technology > > IT Infrastructure Service Delivery > > Regions Asia, Pacific, Middle East and Africa Operational Service Back > > End Essential GS IT IN SD R AAE OPS BEE > > Tel.: +27 11 652-2938 > > Fax: +27 86 506-6018 > > Mobil: +27 82 487-9822 > > mailto:[email protected] > > > > From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL) > > [mailto:[email protected]] > > Sent: 13 January 2016 02:51 PM > > To: Enterasys Customer Mailing List > > Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN) > > Subject: RE:[Enterasys] Access - List Query I do not receive ICMP > > reply after applying my access list > > > > Dears, > > > > Please assist I am not able to receive ICMP echo reply after applying ACL > > that specifically permits certain networks to do this. > > An example of my access list > > > > access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67 interface > > vlan 431 ip access-group 111 in sequence 1 ip address 67.67.67.67 > > > > I have also applied ip ICMP redirect enable globally and also on the > > interface. > > > > Is there some type established command missing and what is the syntax as > > the B5 Layer 3 switch I am working on is not supporting such a command. > > > > "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is > > not available on the B5G124-24 switch? > > > > Please advise!! > > > > With best regards, > > Pheko Mamabolo > > > > Siemens (Proprietary) Limited > > Global Service Information Technology > > IT Infrastructure Service Delivery > > Regions Asia, Pacific, Middle East and Africa Operational Service Back > > End Essential GS IT IN SD R AAE OPS BEE > > Tel.: +27 11 652-2938 > > Fax: +27 86 506-6018 > > Mobil: +27 82 487-9822 > > mailto:[email protected] > > > > > > > > ------------------------------------ > > Disclaimer and Confidentiality Note > > This e-mail communication, its attachments, if any, and any rights > > attaching to it are, unless the context clearly indicates otherwise, > > the property of Siemens (Pty) Ltd. It is confidential, private and > > intended for the addressee only. If you are not the intended recipient > > and receive this communication in error, you are hereby notified that > > any review, copying, use, discloser or distribution in any manner > > whatsoever is strictly prohibited. Please notify the sender > > immediately that you have received this e-mail in error and delete the > > e-mail and any copies of it. Views and opinions expressed in this > > e-mail are those of the sender unless clearly stated as those of > > Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss > > or damage whatsoever, and howsoever incurred or suffered resulting or > > arising from the use of this e-mail communication and/or its > > attachments. Siemens (Pty) Ltd does not warrant the integrity of this > > e-mail communication nor that it is free of errors, viruses, > > interception or interference. Siemens (Pty) Ltd, its divisions and > > subsidiary companies ("Siemens") expressly excludes sections 11, 12, > > and 13 of the Electronic Communications and Transactions Act, 25 of > > 2002 ("the ECT") in respect of e-contracting. No data message or > > electronic communication will be recognised as having a legal > > contractual status under the ECT Act. All agreements concluded by > > Siemens will only be legally binding when reduced to physical writing > > and physically signed by a duly authorised representative of Siemens. > > For more information about Siemens (Pty) Ltd, visit our website at > > www.siemens.com<http://www.siemens.com> > > > > Siemens (Proprietary) Limited (Incorporated in South Africa) South > > African Company Registration Number: 1923/007514/07 Registered > > Address: 300 Janadel Avenue, Halfway House 1685 VAT Registration > > Number: 4790104428 > > Chairman: KJ Helmrich* > > Chief Executive Officer: SU Dall'Omo* > > Chief Financial Officer: SJ Mueller* > > Executive Director: R Nkuhlu, C Klaas > > Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate > > Directors: I Amod; MK Becker* > > * German > > > > ------------------------------------ > > > > * --To unsubscribe from Enterasys, send email to > > [email protected]<mailto:[email protected]> with the body: unsubscribe > > Enterasys [email protected]<mailto:[email protected]> > > > > ------------------------------------ > > Disclaimer and Confidentiality Note > > This e-mail communication, its attachments, if any, and any rights > > attaching to it are, unless the context clearly indicates otherwise, > > the property of Siemens (Pty) Ltd. It is confidential, private and > > intended for the addressee only. If you are not the intended recipient > > and receive this communication in error, you are hereby notified that > > any review, copying, use, discloser or distribution in any manner > > whatsoever is strictly prohibited. Please notify the sender > > immediately that you have received this e-mail in error and delete the > > e-mail and any copies of it. Views and opinions expressed in this > > e-mail are those of the sender unless clearly stated as those of > > Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss > > or damage whatsoever, and howsoever incurred or suffered resulting or > > arising from the use of this e-mail communication and/or its > > attachments. Siemens (Pty) Ltd does not warrant the integrity of this > > e-mail communication nor that it is free of errors, viruses, > > interception or interference. Siemens (Pty) Ltd, its divisions and > > subsidiary companies ("Siemens") expressly excludes sections 11, 12, > > and 13 of the Electronic Communications and Transactions Act, 25 of > > 2002 ("the ECT") in respect of e-contracting. No data message or > > electronic communication will be recognised as having a legal > > contractual status under the ECT Act. All agreements concluded by > > Siemens will only be legally binding when reduced to physical writing > > and physically signed by a duly authorised representative of Siemens. > > For more information about Siemens (Pty) Ltd, visit our website at > > www.siemens.com > > > > Siemens Proprietary Limited (Incorporated in South Africa) Company > > Registration Number: 1923/007514/07 Registered Address: 300 Janadel > > Avenue, Halfway House 1685 VAT Registration Number: 4790104428 > > Chairman: KJ Helmrich* > > Chief Executive Officer: SU Dall'Omo* > > Chief Financial Officer: SJ Mueller* > > Executive Director: R Nkuhlu, C Klaas > > Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate > > Directors: I Amod; MK Becker* Company Secretary: U Akwiwu > > * German > > > > ------------------------------------ > > > > --- > > To unsubscribe from enterasys, send email to [email protected] with the > > body: unsubscribe enterasys [email protected] > > ------------------------------------ > Disclaimer and Confidentiality Note > This e-mail communication, its attachments, if any, and any rights attaching > to it are, unless the context clearly indicates otherwise, the property of > Siemens (Pty) Ltd. It is confidential, private and intended for the addressee > only. If you are not the intended recipient and receive this communication in > error, you are hereby notified that any review, copying, use, discloser or > distribution in any manner whatsoever is strictly prohibited. Please notify > the sender immediately that you have received this e-mail in error and delete > the e-mail and any copies of it. Views and opinions expressed in this e-mail > are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. > Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and > howsoever incurred or suffered resulting or arising from the use of this > e-mail communication and/or its attachments. Siemens (Pty) Ltd does not > warrant the integrity of this e-mail communication nor that it is free of > errors, viruses, interception or interference. Siemens (Pty) Ltd, its > divisions and subsidiary companies (“Siemens”) expressly excludes sections > 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of > 2002 (“the ECT”) in respect of e-contracting. No data message or electronic > communication will be recognised as having a legal contractual status under > the ECT Act. All agreements concluded by Siemens will only be legally binding > when reduced to physical writing and physically signed by a duly authorised > representative of Siemens. For more information about Siemens (Pty) Ltd, > visit our website at www.siemens.com > > Siemens Proprietary Limited (Incorporated in South Africa) > Company Registration Number: 1923/007514/07 > Registered Address: 300 Janadel Avenue, Halfway House 1685 > VAT Registration Number: 4790104428 > Chairman: KJ Helmrich* > Chief Executive Officer: SU Dall’Omo* > Chief Financial Officer: SJ Mueller* > Executive Director: R Nkuhlu, C Klaas > Non-Executive Directors: TK Rathmann*; Dr MI Survé > Alternate Directors: I Amod; MK Becker* > Company Secretary: U Akwiwu > * German > > ------------------------------------ > > --- > To unsubscribe from enterasys, send email to [email protected] with the body: > unsubscribe enterasys [email protected] --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
