Hi, I've been struggling with an ACL issue on a cnMatrix switch.
I need to set up a couple of extended ACLs on a switch in an air-gapped environment.
What seems to happen is that the last entry I put into the extended access list overrides/deletes the pre-existing entries before it, almost as if the switch OS is not reading the priority attribute being set.
Maybe I'm doing this wrong, but it should work Cisco-like, with a sequence or priority number determining the order of rules.
I have tried this on a switch with software 6.1.2-r4:
config t
ip access-list extended 1001
permit ip 192.168.1.1 255.255.255.255 192.168.2.1 255.255.255.255 priority 1
do show access-lists (Here you can clearly see rule priority 1 being part of the access list)
IP ACCESS LISTS
Extended IP Access List 1001
Filter Priority : 1
Filter Action : Permit
Filter Protocol Type : ANY
IP address Type : IPV4
Source IP address : 192.168.1.1
Source IP address mask : 255.255.255.255
Source IP Prefix Length : 32
Destination IP address : 192.168.2.1
Destination IP address mask : 255.255.255.255
Destination IP Prefix Length : 32
Flow Identifier : 0
In Port List : NIL
Out Port List : NIL
Filter TOS : NIL
Filter DSCP : NIL
VLAN Id : 0
VLAN Priority : None
Sub Action : NONE
Sub Action Id (New VLAN Id) : 0
Status : Inactive
Match Count : 0
deny ip 192.168.1.1 255.255.255.255 192.168.3.1 255.255.255.255 priority 2
do show access-list (Filter priority rule no. 1 seemingly disappears here)
IP ACCESS LISTS
Extended IP Access List 1001
Filter Priority : 2
Filter Action : Deny
Filter Protocol Type : ANY
IP address Type : IPV4
Source IP address : 192.168.1.1
Source IP address mask : 255.255.255.255
Source IP Prefix Length : 32
Destination IP address : 192.168.3.1
Destination IP address mask : 255.255.255.255
Destination IP Prefix Length : 32
Flow Identifier : 0
In Port List : NIL
Out Port List : NIL
Filter TOS : NIL
Filter DSCP : NIL
VLAN Id : 0
VLAN Priority : None
Sub Action : NONE
Sub Action Id (New VLAN Id) : 0
Status : Inactive
Match Count : 0
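A quick way to confirm what the post describes, rather than eyeballing the `show access-lists` dump, is to parse each capture into its filters keyed by Filter Priority and diff that against the priorities you configured. The script below is an added example, not something from the original post or from Cambium; it assumes the output format shown above (one `Extended IP Access List <name>` header, each filter starting with a `Filter Priority :` line) and embeds a constructed, trimmed copy of the second capture as sample input.

```python
import re

# Constructed sample: a trimmed copy of the second `show access-list` capture
# from the post, taken after `deny ... priority 2` was added. Priority 1 is absent.
SAMPLE_OUTPUT = """IP ACCESS LISTS
Extended IP Access List 1001
Filter Priority : 2
Filter Action : Deny
Filter Protocol Type : ANY
IP address Type : IPV4
Source IP address : 192.168.1.1
Source IP address mask : 255.255.255.255
Destination IP address : 192.168.3.1
Destination IP address mask : 255.255.255.255
Status : Inactive
Match Count : 0
"""


def parse_access_lists(text):
    """Parse cnMatrix-style `show access-lists` text into {list_name: {priority: fields}}.

    Assumption: every filter block begins with a `Filter Priority : N` line and
    all following `Key : Value` lines belong to that filter until the next one.
    """
    acls = {}
    current_list = None
    entry = None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r"Extended IP Access List (\S+)", line)
        if header:
            current_list = header.group(1)
            acls.setdefault(current_list, {})
            entry = None
            continue
        if current_list is None or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Filter Priority":
            entry = {}
            acls[current_list][int(value)] = entry
        elif entry is not None:
            entry[key] = value
    return acls


def missing_priorities(acls, list_name, expected):
    """Return the configured priorities that no longer appear in the parsed list."""
    present = set(acls.get(list_name, {}))
    return sorted(set(expected) - present)
```

Run it against each capture after adding a rule; a non-empty result means an earlier filter was dropped and the list should be re-checked before it is bound to a port.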