Users cannot Access Network Because MA5200F/G is Configured with Improper ACL Or

Created: Mar 5, 2016 21:39:36 Latest reply: Mar 6, 2016 14:06:51

Version: independent of version
Symptom: The system is configured with an ACL to limit users to accessing some web sites, but users then cannot access any web site.


bellabella     Created Mar 6, 2016 14:06:51

Handling Process
1. In the system configuration, the ACL is configured as follows:
acl number 100                                                                  
rule 3 net-user permit ip source 203.212.6.2 0 destination 10                  
rule 4 net-user permit ip source 211.98.2.4 0 destination 10                   
rule 0 user-net permit ip source 10 destination 203.212.6.2 0                  
rule 1 user-net deny ip source 10                                              
rule 2 user-net permit ip source 10 destination 211.98.2.4 0 
The ACL is defined with correct rules, but the matching order of the ACL is the configuration order, and "rule 1 user-net deny ip source 10" of ucl-group 10 is defined as rule 1, so all the rules after rule 1 do not take effect, and users fail to access the web sites permitted in the ACL.
2. The problem is solved by reconfiguring "rule 1 user-net deny ip source 10" as rule 5 in the ACL.
Root Cause
Users cannot access some web sites, and the possible reasons include: 
1. Routes are not reachable;
2. ACL limit. 
Services for users are normal before the configuration of the ACL, but users cannot access the web sites permitted in the ACL after the configuration, so its configuration is problematic.
Suggestions
It is recommended to use match-order auto in the ACL to avoid similar problems.
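
The rule shadowing described above can be checked mechanically. The following is an added example, not part of the original post and not Huawei tooling: it parses the posted rules, finds rules hidden behind an earlier broader rule, and compares the ACL before and after the fix. It assumes rules are matched in ascending rule ID (the configuration order the post describes) and compares fields only as exact strings or "any"; all function names are hypothetical.

```python
import re

# ACL rules copied from the post.
ACL_BEFORE = """\
rule 3 net-user permit ip source 203.212.6.2 0 destination 10
rule 4 net-user permit ip source 211.98.2.4 0 destination 10
rule 0 user-net permit ip source 10 destination 203.212.6.2 0
rule 1 user-net deny ip source 10
rule 2 user-net permit ip source 10 destination 211.98.2.4 0
"""
# The post's fix: the deny is reconfigured as rule 5.
ACL_AFTER = ACL_BEFORE.replace("rule 1 user-net deny", "rule 5 user-net deny")

RULE_RE = re.compile(
    r"rule (?P<id>\d+) (?P<dir>\S+) (?P<action>permit|deny) ip"
    r"(?: source (?P<src>.+?))?(?: destination (?P<dst>.+?))?$")

def parse(acl_text):
    """Parse rule lines; return them in ascending rule ID (assumed match order)."""
    found = (RULE_RE.match(line.strip()) for line in acl_text.splitlines())
    rules = [{**m.groupdict(), "id": int(m["id"])} for m in found if m]
    return sorted(rules, key=lambda r: r["id"])

def covers(a, b):
    """True if rule a matches everything rule b matches (simplified model:
    a field is either absent, meaning any, or compared as an exact string)."""
    return a["dir"] == b["dir"] and all(
        a[f] is None or a[f] == b[f] for f in ("src", "dst"))

def shadowed(acl_text):
    """Return (rule_id, earlier_rule_id) for rules that can never be reached."""
    rules = parse(acl_text)
    return [(r["id"], e["id"]) for i, r in enumerate(rules)
            for e in rules[:i] if covers(e, r)]

def first_match(acl_text, direction, src, dst):
    """Return (rule_id, action) of the first rule matching the flow, or None."""
    for r in parse(acl_text):
        if (r["dir"] == direction and r["src"] in (None, src)
                and r["dst"] in (None, dst)):
            return r["id"], r["action"]
    return None

if __name__ == "__main__":
    for name, acl in (("before", ACL_BEFORE), ("after", ACL_AFTER)):
        print(name, "shadowed:", shadowed(acl), "flow to 211.98.2.4:",
              first_match(acl, "user-net", "10", "211.98.2.4 0"))
```

Running a check like this before committing an ACL change catches a permit placed after a broader deny without waiting for users to report lost access.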
