Dell N2048 Switch and IP ACL - I just killed part of my network...
-
What happens if you choose the "HOST" option instead of IP and Mask? The Wildcard Mask you are using says "everything on this subnet" if I remember right.
-
I actually have not tried yet and wanted to do some research first before killing production again
-
So, select host only, and use the machine FQDNs?
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
I would use the IP addresses.
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
Yep, will do. I shall move critical VMs to the te2 and then try.
-
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
-
If you pick host, I think Wildcard Mask may not even be used.
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
That makes sense as the wildcard would be 0.0.0.0.
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
That's probably the option you are looking for then.
*puts on a dang helmet and hides under desk.*
Ready when you are!
-
@dafyre said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
That's probably the option you are looking for then.
*puts on a dang helmet and hides under desk.*
Ready when you are!
Have to move some critical VMs off of that interface before trying again first.
With the N2048's, does deny take precedence over allow? For example, can I deny range 192.168.2.60 - 80 first, then have the next rule allow 192.168.2.69 only? Or would deny stick?
-
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@dafyre said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
So, select host only, and use the machine FQDNs?
And you'll probably have to change the wildcard mask to match all parts of the IP of the host.
Can ip be used with host selected, but mask left empty you think?
With host selected, wild card is defaulted to 0.0.0.0 and disabled. So cannot edit that anyway with host selected.
That's probably the option you are looking for then.
*puts on a dang helmet and hides under desk.*
Ready when you are!
Have to move some critical VMs off of that interface before trying again first.
With the N2048's, does deny take precedence over allow? For example, can I deny range 192.168.2.60 - 80 first, then have the next rule allow 192.168.2.69 only? Or would deny stick?
That I'm not sure about.
IIRC, on Cisco and HP devices, it's allow and then deny. It's been a while since I've had to test that theory though, so don't quote me on it.
-
I thought it was the order of the ACLs (at least on Cisco stuff). Once there is a match, everything else is ignored.
-
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
I thought it was the order of the ACLs (at least on Cisco stuff). Once there is a match, everything else is ignored.
I think you may well be right. But like I said above -- it has been a while for me.
Best I can tell @Jimmy9008 is to try it and let us know what happens, ha ha ha.
-
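The two questions in this thread (what a wildcard mask or "host" entry actually matches, and whether the deny-range-then-permit-host ordering works) can be answered by walking the rules the way the switch does. The block below is an added example, not code from the thread, from Dell, or from the N2048 firmware: it is a small ACL evaluator that models IOS-style semantics, i.e. rules are checked top to bottom, the first match wins (as EddieJennings describes for Cisco), and a packet matching nothing hits an implicit deny at the end of the list. The names `AclRule`, `host`, `matches`, `evaluate` and `trace` are mine, and the address lists are constructed from the thread's 192.168.2.x examples. It also decomposes the non-aligned range .60 to .80 into the three wildcard entries it actually needs, which the thread does not show.

```python
"""
Added example (not from the thread or from Dell): a first-match ACL evaluator
that models IOS-style wildcard masks, "host" entries and the implicit deny
at the end of an access list.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class AclRule:
    action: str     # "permit" or "deny"
    address: str    # dotted-quad base address
    wildcard: str   # wildcard mask: a set bit means "don't care" for that bit


def host(action: str, ip: str) -> AclRule:
    """A 'host' entry is a rule with wildcard 0.0.0.0: every bit must match."""
    return AclRule(action, ip, "0.0.0.0")


def matches(rule: AclRule, ip: str) -> bool:
    """True if ip falls inside the rule's address/wildcard block."""
    care = ~int(ipaddress.IPv4Address(rule.wildcard)) & 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip))
    base_bits = int(ipaddress.IPv4Address(rule.address))
    return (ip_bits & care) == (base_bits & care)


def evaluate(acl: List[AclRule], ip: str) -> Tuple[str, Optional[int]]:
    """First matching rule wins; with no match the implicit trailing deny applies.
    Returns (action, 1-based rule index), or ("deny", None) for the implicit deny."""
    for index, rule in enumerate(acl, start=1):
        if matches(rule, ip):
            return rule.action, index
    return "deny", None


# 192.168.2.60-80 is not one aligned block, so "deny that range" needs three
# entries: .60-.63 (wildcard 0.0.0.3), .64-.79 (wildcard 0.0.0.15) and host .80.
DENY_60_TO_80 = [
    AclRule("deny", "192.168.2.60", "0.0.0.3"),
    AclRule("deny", "192.168.2.64", "0.0.0.15"),
    host("deny", "192.168.2.80"),
]

# The two orderings asked about in the thread (constructed sample ACLs).
DENY_RANGE_THEN_PERMIT_HOST = DENY_60_TO_80 + [host("permit", "192.168.2.69")]
PERMIT_HOST_THEN_DENY_RANGE = [host("permit", "192.168.2.69")] + DENY_60_TO_80

# A single "permit host" entry on an interface: every other flow hits the implicit deny.
SINGLE_HOST_PERMIT = [host("permit", "192.168.2.69")]

# Whole-subnet permit, which is what the 0.0.0.255 wildcard in the first reply means.
SUBNET_PERMIT = [AclRule("permit", "192.168.2.0", "0.0.0.255")]


def trace(acl: List[AclRule], ips: List[str]):
    """Evaluate several source addresses against one ACL: [(ip, action, rule_index), ...]."""
    return [(ip,) + evaluate(acl, ip) for ip in ips]


if __name__ == "__main__":
    sample = ["192.168.2.59", "192.168.2.69", "192.168.2.80", "192.168.2.100"]
    for name, acl in [("deny range, then permit host", DENY_RANGE_THEN_PERMIT_HOST),
                      ("permit host, then deny range", PERMIT_HOST_THEN_DENY_RANGE),
                      ("single host permit", SINGLE_HOST_PERMIT),
                      ("subnet permit", SUBNET_PERMIT)]:
        print(name)
        for ip, action, idx in trace(acl, sample):
            where = f"rule {idx}" if idx else "implicit deny"
            print(f"  {ip:15} -> {action:6} ({where})")
```

Under first-match evaluation the deny-then-permit ordering never reaches the host permit for .69, so "deny sticks" simply because it is listed first; putting the host permit above the deny entries gives the intended result. The single-host case is the one to keep in mind when applying an ACL to an uplink: with only one permit entry present, every flow that is not from that host, including management and hypervisor traffic, falls through to the implicit deny, which is the lockout pattern this thread describes.
-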
Once the critical VMs are moved, I shall have a play and see.
-
@dafyre said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
I thought it was the order of the ACLs (at least on Cisco stuff). Once there is a match, everything else is ignored.
I think you may well be right. But like I said above -- it has been a while for me.
Best I can tell @Jimmy9008 is to try it and let us know what happens, ha ha ha.
-
So... VMs moved. Rule applied based only on host.... and 3... 2... 1... still brought down everything trying to connect to anything on te1... current rule:
Ideas? Must be missing something obvious. Or is the dell firmware buggered!
-
@Jimmy9008 Why not turn on logging, and see if that shows you what's matching the rule.
-
@EddieJennings said in Dell N2048 Switch and IP ACL - I just killed part of my network...:
@Jimmy9008 Why not turn on logging, and see if that shows you what's matching the rule.
Logging is enabled now. But, no logs are being generated showing the dropped traffic.