Unsolved

1 Rookie

3 Posts

March 10th, 2025 13:13

BGP Question

Dear community,

 

I have configured BGP on a Dell 4112 with OS10 and this is working perfectly. (Connection to the neighbor is established with a set password).

 

However, I now have the following problem. Port 179 is now accessible from everywhere, i.e. marked as UP.

I then created an ACL (IP access-list 179):

show ip access-lists in
 seq 10 permit tcp host “BGP neighbor” host “My BGP router” eq 179 log count (0 packets)
 seq 20 deny tcp any host “My BGP router” eq 179 log count (30 packets)
 seq 30 permit ip any any

 

The drop count is shown but does not work.

 Do you have any ideas or suggestions?

Moderator

9.4K Posts

March 10th, 2025 19:35

Max1332345,

 

From looking at the configuration, what I would suggest is to start by removing the

 seq 30 permit ip any any

and then see if it works.

 

Let me know what you see and if this helps.

 

1 Rookie

3 Posts

March 11th, 2025 10:20

@DELL-Chris H

Hello Chris H,

Unfortunately, this was not successful, except that the networks that were connected afterwards were blocked. It seems that the ACL does not work on the switch's own IP address.

Here is more information about the configuration.

interface ethernet1/1/12
 description "XXXXX"
 no shutdown
 no switchport
 ip vrf forwarding 12
 ip address XXX.XXX.XXX.XXX/31
 ipv6 address XXXX:XXXX:XXXX:XXXX::X/127
 flowcontrol receive on
 ip access-group 179 in
 ntp disable
 
 router bgp XXXXX
 !
 vrf 12
  !
  address-family ipv4 unicast
   network XXX.XXX.XXX.XXX/XX
   network XXX.XXX.XXX.XXX/XX
   network XXX.XXX.XXX.XXX/XX
  !
  neighbor XXX.XXX.XXX.XXX
   description "XXXXX"
   password 9 XXXXXXXXXX
   remote-as XXXXX
   no shutdown
   !
   address-family ipv4 unicast
    distribute-list uplink_routes_v4 in
    route-map XXXXX out
    soft-reconfiguration inbound

ip access-list 179
 seq 10 permit ip host “BGP neighbor” host “My BGP router” log count (30 packets)
 seq 20 deny ip any host “My BGP router” log count (350 packets)
 seq 30 deny tcp any any eq 179 log count (50 packets)
 seq 40 permit ip any any

I have also adjusted the acl again without success. Port 179 is still open from everywhere.

I ask for further support.

Many thanks in advance!

1 Rookie

3 Posts

March 11th, 2025 11:19

Hello,

I have tested on another dell switch with SSH. A VLAN where SSH is open. And an ACL that is supposed to restrict this. The ACLs there also do not restrict the IPs assigned on the switch itself, although the drop-count goes up.

ip ssh server vrf 2

interface vlan2
 vlan-name Test
 description "Test"
 no shutdown
 ip vrf forwarding 2
 ip address 192.168.1.1/24
 ip access-group test in
 no ip dhcp snooping
 
DellOS10# show ip access-lists in
Ingress IP access-list test
 Active on interfaces :
  vlan2
 seq 11 permit tcp host 192.168.1.2 host 192.168.1.1 eq 22 log count (1266 packets)
 seq 21 deny tcp any host 192.168.1.1 eq 22 log count (227 packets)
 seq 22 deny ip any any

Is this a bug?
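As an added example (not part of the thread, and not Dell's code), a small Python classifier that parses the `show ip access-lists` output from the SSH test above and evaluates, first-match, which entry a given flow hits. It shows that an SSH connection from a host other than 192.168.1.2 to 192.168.1.1 lands on seq 21 deny, consistent with the deny counter going up while the session still succeeds, so the rule order itself is not the problem. The show output is embedded as constructed sample input.

```python
import re
import ipaddress
from collections import namedtuple

# Constructed sample input: the "show ip access-lists in" output from the SSH test above.
SHOW_OUTPUT = """\
Ingress IP access-list test
 Active on interfaces :
  vlan2
 seq 11 permit tcp host 192.168.1.2 host 192.168.1.1 eq 22 log count (1266 packets)
 seq 21 deny tcp any host 192.168.1.1 eq 22 log count (227 packets)
 seq 22 deny ip any any
"""

# One ACL entry as OS10 prints it: seq, action, protocol, src, dst, optional "eq <port>", counter.
RULE_RE = re.compile(
    r"seq (?P<seq>\d+) (?P<action>permit|deny) (?P<proto>\w+) "
    r"(?P<src>host \S+|any|\S+/\d+) (?P<dst>host \S+|any|\S+/\d+)"
    r"(?: eq (?P<dport>\d+))?(?: log)?(?: count \((?P<count>\d+) packets\))?"
)
Rule = namedtuple("Rule", "seq action proto src dst dport count")

def _to_network(token):
    """'any' -> 0.0.0.0/0, 'host A.B.C.D' -> A.B.C.D/32, 'A.B.C.D/len' as written."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(token.split()[-1], strict=False)

def parse_acl(text):
    """Extract the rules and their hit counters from show output, in sequence order."""
    rules = [Rule(int(m["seq"]), m["action"], m["proto"], _to_network(m["src"]),
                  _to_network(m["dst"]), int(m["dport"]) if m["dport"] else None,
                  int(m["count"] or 0)) for m in RULE_RE.finditer(text)]
    return sorted(rules, key=lambda r: r.seq)

def first_match(rules, src, dst, proto, dport):
    """First-match evaluation of one flow; None means no entry matched (implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto not in ("ip", proto):          # "ip" entries cover every protocol
            continue
        if s not in r.src or d not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r
    return None
```

Feed it two snapshots of the show output taken a minute apart and compare `count` per seq to see which entries are actually being hit for the flows you expect.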

Moderator

3.8K Posts

March 11th, 2025 17:43

Hello,

Can you check this:

Dell Networking SmartFabric OS10 S5200 series Egress ACL applied to a VLAN interface does not work | Dell US

In this case it is better to contact the Dell network technical team to check the configuration with them.

Thanks
