Hugo Veiga | 27 Jan 12:34 2016
Picon

Re: Access - List Query no ICMP reply after applying access list

Hi,

Can you supply a small network diagram with the IPs in it.

I think you have messed the source and the target in the access list but I want to be sure.

Best regards,
Hugo Veiga


2016-01-27 10:22 GMT+00:00 Erik Auerswald <auerswald <at> fg-networking.de>:
Hello Pheko Mamabolo,

the SecureStacks do not support the "established" keyword, and they do not
support to match on specific ICMP type / code. Thus you need to enable all
of ICMP. The extended ACL from your first email looks good, but it is bound
to the wrong interface.

The SecureStacks support inbound ACLs only, so you need to bind the ACL to
the interface where the traffic enters the switch. You bound it to the
interface where the traffic exits the switch.

Best regards,
Erik Auerswald
--
Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/
auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513

Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630

On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> Hi Enterasys Community,
>
> Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access -list as it does not support command ip access-list extended 'established' command.
> Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on different chassis the Enterasys S4 and on this it works as the command ip access-list extended with established is supported however not on the B5G124-24 please advise on a work around.
>
> With best regards,
> Pheko Mamabolo
>
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa
> Operational Service Back End Essential
> GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
>
> From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL) [mailto:pheko.mamabolo <at> siemens.com]
> Sent: 13 January 2016 02:51 PM
> To: Enterasys Customer Mailing List
> Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> Subject: RE:[Enterasys] Access - List Query I do not receive ICMP reply after applying my access list
>
> Dears,
>
> Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits certain networks to do this.
> An example of my access list
>
> access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67
> interface vlan 431
> ip access-group 111 in sequence 1
> ip address 67.67.67.67
>
> I have also applied ip ICMP redirect enable globally and also on the interface.
>
> Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working on is not supporting such a command.
>
> "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the B5G124-24 switch?
>
> Please advise!!
>
> With best regards,
> Pheko Mamabolo
>
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa
> Operational Service Back End Essential
> GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
>
>
>
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens (Pty) Ltd, its divisions and subsidiary companies ("Siemens") expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com<http://www.siemens.com>
>
> Siemens (Proprietary) Limited (Incorporated in South Africa)
> South African Company Registration Number: 1923/007514/07
> Registered Address: 300 Janadel Avenue, Halfway House 1685
> VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé
> Alternate Directors: I Amod; MK Becker*
> * German
>
> ------------------------------------
>
>   *   --To unsubscribe from Enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the body: unsubscribe Enterasys pheko.mamabolo <at> siemens.com<mailto:pheko.mamabolo <at> siemens.com>
>
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens (Pty) Ltd, its divisions and subsidiary companies ("Siemens") expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the ECT") in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com
>
> Siemens Proprietary Limited (Incorporated in South Africa)
> Company Registration Number: 1923/007514/07
> Registered Address: 300 Janadel Avenue, Halfway House 1685
> VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé
> Alternate Directors: I Amod; MK Becker*
> Company Secretary: U Akwiwu
> * German
>
> ------------------------------------
>
> ---
> To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys auerswald <at> fg-networking.de

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys hveiga <at> ubi.pt

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Picon

RE: Access - List Query no ICMP reply after applying access list

Thank you Erik,

Kind regards
Pheko

-----Original Message-----
From: Erik Auerswald [mailto:auerswald <at> fg-networking.de]
Sent: 27 January 2016 12:42 PM
To: Enterasys Customer Mailing List
Cc: Mamabolo, Pheko (GS IT IN SD AAE OPS COL); Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
Subject: Re: [enterasys] Access - List Query no ICMP reply after applying access list

Hello Pheko,

you can (and probably should) apply the ACL on the Vlan Interface where the traffic enters. Say VLAN 47 is
used for the routed connection to the WAN, and the local systems are in VLAN 431. To allow ICMP from the WAN to
the local systems, you need to apply ACL 111 on interface Vlan 47.

interface vlan 47
ip address <Transfer-to-WAN>
ip access-group 111 in

If both communication parties are local, say VLANs 431 and 531, you would need to apply the ACL to allow ICMP
to VLAN 431 (inbound) on interface Vlan 531, and vice versa.

Best regards,
Erik
--
Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/

auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513

Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630

On Wed, Jan 27, 2016 at 10:30:35AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> Hi Erik,
>
> Thank you for the feedback it is much appreciated.
>
> If understand right you suggest I apply it like the following;
>
>     access-list interface 111 ge.2.3 in  sequence 1
>
> and not
>
> interface vlan 431
> ip access-group 111 in sequence 1
>
> With best regards,
> Pheko Mamabolo
>
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa Operational Service Back
> End Essential GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
>
> -----Original Message-----
> From: Erik Auerswald [mailto:auerswald <at> fg-networking.de]
> Sent: 27 January 2016 12:23 PM
> To: enterasys <at> listserv.unc.edu
> Cc: Mamabolo, Pheko (GS IT IN SD AAE OPS COL); Caeiro, Jorge; Guemadi,
> Mohamed-Lamine (GS IT R AAE BN BAN)
> Subject: Re: [enterasys] Access - List Query no ICMP reply after
> applying access list
>
> Hello Pheko Mamabolo,
>
> the SecureStacks do not support the "established" keyword, and they do not support to match on specific
ICMP type / code. Thus you need to enable all of ICMP. The extended ACL from your first email looks good, but
it is bound to the wrong interface.
>
> The SecureStacks support inbound ACLs only, so you need to bind the ACL to the interface where the traffic
enters the switch. You bound it to the interface where the traffic exits the switch.
>
> Best regards,
> Erik Auerswald
> --
> Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/

> auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513
>
> Gesellschaft für Fundamental Generic Networking mbH
> Geschäftsführung: Volker Bauer, Jörg Mayer
> Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630
>
> On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> > Hi Enterasys Community,
> >
> > Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access
-list as it does not support command ip access-list extended 'established' command.
> > Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on
different chassis the Enterasys S4 and on this it works as the command ip access-list extended with
established is supported however not on the B5G124-24 please advise on a work around.
> >
> > With best regards,
> > Pheko Mamabolo
> >
> > Siemens (Proprietary) Limited
> > Global Service Information Technology IT Infrastructure Service
> > Delivery Regions Asia, Pacific, Middle East and Africa Operational
> > Service Back End Essential GS IT IN SD R AAE OPS BEE
> > Tel.: +27 11 652-2938
> > Fax: +27 86 506-6018
> > Mobil: +27 82 487-9822
> > mailto:pheko.mamabolo <at> siemens.com
> >
> > From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL)
> > [mailto:pheko.mamabolo <at> siemens.com]
> > Sent: 13 January 2016 02:51 PM
> > To: Enterasys Customer Mailing List
> > Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> > Subject: RE:[Enterasys] Access - List Query I do not receive ICMP
> > reply after applying my access list
> >
> > Dears,
> >
> > Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits
certain networks to do this.
> > An example of my access list
> >
> > access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67
> > interface vlan 431 ip access-group 111 in sequence 1 ip address
> > 67.67.67.67
> >
> > I have also applied ip ICMP redirect enable globally and also on the interface.
> >
> > Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working
on is not supporting such a command.
> >
> > "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the
B5G124-24 switch?
> >
> > Please advise!!
> >
> > With best regards,
> > Pheko Mamabolo
> >
> > Siemens (Proprietary) Limited
> > Global Service Information Technology IT Infrastructure Service
> > Delivery Regions Asia, Pacific, Middle East and Africa Operational
> > Service Back End Essential GS IT IN SD R AAE OPS BEE
> > Tel.: +27 11 652-2938
> > Fax: +27 86 506-6018
> > Mobil: +27 82 487-9822
> > mailto:pheko.mamabolo <at> siemens.com
> >
> >
> >
> > ------------------------------------
> > Disclaimer and Confidentiality Note
> > This e-mail communication, its attachments, if any, and any rights
> > attaching to it are, unless the context clearly indicates otherwise,
> > the property of Siemens (Pty) Ltd. It is confidential, private and
> > intended for the addressee only. If you are not the intended
> > recipient and receive this communication in error, you are hereby
> > notified that any review, copying, use, discloser or distribution in
> > any manner whatsoever is strictly prohibited. Please notify the
> > sender immediately that you have received this e-mail in error and
> > delete the e-mail and any copies of it. Views and opinions expressed
> > in this e-mail are those of the sender unless clearly stated as
> > those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability
> > for any loss or damage whatsoever, and howsoever incurred or
> > suffered resulting or arising from the use of this e-mail
> > communication and/or its attachments. Siemens (Pty) Ltd does not
> > warrant the integrity of this e-mail communication nor that it is
> > free of errors, viruses, interception or interference. Siemens (Pty)
> > Ltd, its divisions and subsidiary companies ("Siemens") expressly
> > excludes sections 11, 12, and 13 of the Electronic Communications
> > and Transactions Act, 25 of
> > 2002 ("the ECT") in respect of e-contracting. No data message or
> > electronic communication will be recognised as having a legal
> > contractual status under the ECT Act. All agreements concluded by
> > Siemens will only be legally binding when reduced to physical
> > writing and physically signed by a duly authorised representative of Siemens.
> > For more information about Siemens (Pty) Ltd, visit our website at
> > www.siemens.com<http://www.siemens.com>
> >
> > Siemens (Proprietary) Limited (Incorporated in South Africa) South
> > African Company Registration Number: 1923/007514/07 Registered
> > Address: 300 Janadel Avenue, Halfway House 1685 VAT Registration
> > Number: 4790104428
> > Chairman: KJ Helmrich*
> > Chief Executive Officer: SU Dall'Omo* Chief Financial Officer: SJ
> > Mueller* Executive Director: R Nkuhlu, C Klaas Non-Executive
> > Directors: TK Rathmann*; Dr MI Survé Alternate
> > Directors: I Amod; MK Becker*
> > * German
> >
> > ------------------------------------
> >
> >   *   --To unsubscribe from Enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with
the body: unsubscribe Enterasys pheko.mamabolo <at> siemens.com<mailto:pheko.mamabolo <at> siemens.com>
> >
> > ------------------------------------
> > Disclaimer and Confidentiality Note
> > This e-mail communication, its attachments, if any, and any rights
> > attaching to it are, unless the context clearly indicates otherwise,
> > the property of Siemens (Pty) Ltd. It is confidential, private and
> > intended for the addressee only. If you are not the intended
> > recipient and receive this communication in error, you are hereby
> > notified that any review, copying, use, discloser or distribution in
> > any manner whatsoever is strictly prohibited. Please notify the
> > sender immediately that you have received this e-mail in error and
> > delete the e-mail and any copies of it. Views and opinions expressed
> > in this e-mail are those of the sender unless clearly stated as
> > those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability
> > for any loss or damage whatsoever, and howsoever incurred or
> > suffered resulting or arising from the use of this e-mail
> > communication and/or its attachments. Siemens (Pty) Ltd does not
> > warrant the integrity of this e-mail communication nor that it is
> > free of errors, viruses, interception or interference. Siemens (Pty)
> > Ltd, its divisions and subsidiary companies ("Siemens") expressly
> > excludes sections 11, 12, and 13 of the Electronic Communications
> > and Transactions Act, 25 of
> > 2002 ("the ECT") in respect of e-contracting. No data message or
> > electronic communication will be recognised as having a legal
> > contractual status under the ECT Act. All agreements concluded by
> > Siemens will only be legally binding when reduced to physical
> > writing and physically signed by a duly authorised representative of Siemens.
> > For more information about Siemens (Pty) Ltd, visit our website at
> > www.siemens.com

> >
> > Siemens Proprietary Limited (Incorporated in South Africa) Company
> > Registration Number: 1923/007514/07 Registered Address: 300 Janadel
> > Avenue, Halfway House 1685 VAT Registration Number: 4790104428
> > Chairman: KJ Helmrich*
> > Chief Executive Officer: SU Dall'Omo* Chief Financial Officer: SJ
> > Mueller* Executive Director: R Nkuhlu, C Klaas Non-Executive
> > Directors: TK Rathmann*; Dr MI Survé Alternate
> > Directors: I Amod; MK Becker* Company Secretary: U Akwiwu
> > * German
> >
> > ------------------------------------
> >
> > ---
> > To unsubscribe from enterasys, send email to listserv <at> unc.edu with
> > the
> > body: unsubscribe enterasys auerswald <at> fg-networking.de
>
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights
> attaching to it are, unless the context clearly indicates otherwise,
> the property of Siemens (Pty) Ltd. It is confidential, private and
> intended for the addressee only. If you are not the intended recipient
> and receive this communication in error, you are hereby notified that
> any review, copying, use, discloser or distribution in any manner
> whatsoever is strictly prohibited. Please notify the sender
> immediately that you have received this e-mail in error and delete the
> e-mail and any copies of it. Views and opinions expressed in this
> e-mail are those of the sender unless clearly stated as those of
> Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss
> or damage whatsoever, and howsoever incurred or suffered resulting or
> arising from the use of this e-mail communication and/or its
> attachments. Siemens (Pty) Ltd does not warrant the integrity of this
> e-mail communication nor that it is free of errors, viruses,
> interception or interference. Siemens (Pty) Ltd, its divisions and
> subsidiary companies (“Siemens”) expressly excludes sections 11, 12,
> and 13 of the Electronic Communications and Transactions Act, 25 of
> 2002 (“the ECT”) in respect of e-contracting. No data message or
> electronic communication will be recognised as having a legal
> contractual status under the ECT Act. All agreements concluded by
> Siemens will only be legally binding when reduced to physical writing
> and physically signed by a duly authorised representative of Siemens.
> For more information about Siemens (Pty) Ltd, visit our website at
> www.siemens.com

>
> Siemens Proprietary Limited (Incorporated in South Africa) Company
> Registration Number: 1923/007514/07 Registered Address: 300 Janadel
> Avenue, Halfway House 1685 VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall’Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate
> Directors: I Amod; MK Becker* Company Secretary: U Akwiwu
> * German
>
> ------------------------------------
>
> ---
> To unsubscribe from enterasys, send email to listserv <at> unc.edu with the
> body: unsubscribe enterasys auerswald <at> fg-networking.de

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys pheko.mamabolo <at> siemens.com

------------------------------------
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context
clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and
intended for the addressee only. If you are not the intended recipient and receive this communication in
error, you are hereby notified that any review, copying, use, discloser or distribution in any manner
whatsoever is strictly prohibited. Please notify the sender immediately that you have received this
e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are
those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no
liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising
from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the
integrity of this e-mail communication nor that it is free of errors, viruses, interception or
interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly
excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002
(“the ECT”) in respect of e-contracting. No data message or electronic communication will be
recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens
will only be legally binding when reduced to physical writing and physically signed by a duly authorised
representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com


Siemens Proprietary Limited (Incorporated in South Africa)
Company Registration Number: 1923/007514/07
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: KJ Helmrich*
Chief Executive Officer: SU Dall’Omo*
Chief Financial Officer: SJ Mueller*
Executive Director: R Nkuhlu, C Klaas
Non-Executive Directors: TK Rathmann*; Dr MI Survé
Alternate Directors: I Amod; MK Becker*
Company Secretary: U Akwiwu
* German

------------------------------------

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Erik Auerswald | 27 Jan 11:41 2016
Picon

Re: Access - List Query no ICMP reply after applying access list

Hello Pheko,

you can (and probably should) apply the ACL on the Vlan Interface where the
traffic enters. Say VLAN 47 is used for the routed connection to the WAN,
and the local systems are in VLAN 431. To allow ICMP from the WAN to the
local systems, you need to apply ACL 111 on interface Vlan 47.

interface vlan 47
ip address <Transfer-to-WAN>
ip access-group 111 in

If both communication parties are local, say VLANs 431 and 531, you would
need to apply the ACL to allow ICMP to VLAN 431 (inbound) on interface Vlan
531, and vice versa.

Best regards,
Erik
-- 
Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/
auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513

Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630

On Wed, Jan 27, 2016 at 10:30:35AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> Hi Erik,
> 
> Thank you for the feedback it is much appreciated.
> 
> If understand right you suggest I apply it like the following;
> 
>     access-list interface 111 ge.2.3 in  sequence 1
> 
> and not
> 
> interface vlan 431
> ip access-group 111 in sequence 1
> 
> With best regards,
> Pheko Mamabolo
> 
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa
> Operational Service Back End Essential
> GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
> 
> -----Original Message-----
> From: Erik Auerswald [mailto:auerswald <at> fg-networking.de]
> Sent: 27 January 2016 12:23 PM
> To: enterasys <at> listserv.unc.edu
> Cc: Mamabolo, Pheko (GS IT IN SD AAE OPS COL); Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> Subject: Re: [enterasys] Access - List Query no ICMP reply after applying access list
> 
> Hello Pheko Mamabolo,
> 
> the SecureStacks do not support the "established" keyword, and they do not support to match on specific
ICMP type / code. Thus you need to enable all of ICMP. The extended ACL from your first email looks good, but
it is bound to the wrong interface.
> 
> The SecureStacks support inbound ACLs only, so you need to bind the ACL to the interface where the traffic
enters the switch. You bound it to the interface where the traffic exits the switch.
> 
> Best regards,
> Erik Auerswald
> --
> Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/
> auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513
> 
> Gesellschaft für Fundamental Generic Networking mbH
> Geschäftsführung: Volker Bauer, Jörg Mayer
> Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630
> 
> On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> > Hi Enterasys Community,
> >
> > Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access
-list as it does not support command ip access-list extended 'established' command.
> > Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on
different chassis the Enterasys S4 and on this it works as the command ip access-list extended with
established is supported however not on the B5G124-24 please advise on a work around.
> >
> > With best regards,
> > Pheko Mamabolo
> >
> > Siemens (Proprietary) Limited
> > Global Service Information Technology
> > IT Infrastructure Service Delivery
> > Regions Asia, Pacific, Middle East and Africa Operational Service Back
> > End Essential GS IT IN SD R AAE OPS BEE
> > Tel.: +27 11 652-2938
> > Fax: +27 86 506-6018
> > Mobil: +27 82 487-9822
> > mailto:pheko.mamabolo <at> siemens.com
> >
> > From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL)
> > [mailto:pheko.mamabolo <at> siemens.com]
> > Sent: 13 January 2016 02:51 PM
> > To: Enterasys Customer Mailing List
> > Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> > Subject: RE:[Enterasys] Access - List Query I do not receive ICMP
> > reply after applying my access list
> >
> > Dears,
> >
> > Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits
certain networks to do this.
> > An example of my access list
> >
> > access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67 interface
> > vlan 431 ip access-group 111 in sequence 1 ip address 67.67.67.67
> >
> > I have also applied ip ICMP redirect enable globally and also on the interface.
> >
> > Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working
on is not supporting such a command.
> >
> > "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the
B5G124-24 switch?
> >
> > Please advise!!
> >
> > With best regards,
> > Pheko Mamabolo
> >
> > Siemens (Proprietary) Limited
> > Global Service Information Technology
> > IT Infrastructure Service Delivery
> > Regions Asia, Pacific, Middle East and Africa Operational Service Back
> > End Essential GS IT IN SD R AAE OPS BEE
> > Tel.: +27 11 652-2938
> > Fax: +27 86 506-6018
> > Mobil: +27 82 487-9822
> > mailto:pheko.mamabolo <at> siemens.com
> >
> >
> >
> > ------------------------------------
> > Disclaimer and Confidentiality Note
> > This e-mail communication, its attachments, if any, and any rights
> > attaching to it are, unless the context clearly indicates otherwise,
> > the property of Siemens (Pty) Ltd. It is confidential, private and
> > intended for the addressee only. If you are not the intended recipient
> > and receive this communication in error, you are hereby notified that
> > any review, copying, use, discloser or distribution in any manner
> > whatsoever is strictly prohibited. Please notify the sender
> > immediately that you have received this e-mail in error and delete the
> > e-mail and any copies of it. Views and opinions expressed in this
> > e-mail are those of the sender unless clearly stated as those of
> > Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss
> > or damage whatsoever, and howsoever incurred or suffered resulting or
> > arising from the use of this e-mail communication and/or its
> > attachments. Siemens (Pty) Ltd does not warrant the integrity of this
> > e-mail communication nor that it is free of errors, viruses,
> > interception or interference. Siemens (Pty) Ltd, its divisions and
> > subsidiary companies ("Siemens") expressly excludes sections 11, 12,
> > and 13 of the Electronic Communications and Transactions Act, 25 of
> > 2002 ("the ECT") in respect of e-contracting. No data message or
> > electronic communication will be recognised as having a legal
> > contractual status under the ECT Act. All agreements concluded by
> > Siemens will only be legally binding when reduced to physical writing
> > and physically signed by a duly authorised representative of Siemens.
> > For more information about Siemens (Pty) Ltd, visit our website at
> > www.siemens.com<http://www.siemens.com>
> >
> > Siemens (Proprietary) Limited (Incorporated in South Africa) South
> > African Company Registration Number: 1923/007514/07 Registered
> > Address: 300 Janadel Avenue, Halfway House 1685 VAT Registration
> > Number: 4790104428
> > Chairman: KJ Helmrich*
> > Chief Executive Officer: SU Dall'Omo*
> > Chief Financial Officer: SJ Mueller*
> > Executive Director: R Nkuhlu, C Klaas
> > Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate
> > Directors: I Amod; MK Becker*
> > * German
> >
> > ------------------------------------
> >
> >   *   --To unsubscribe from Enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with
the body: unsubscribe Enterasys pheko.mamabolo <at> siemens.com<mailto:pheko.mamabolo <at> siemens.com>
> >
> > ------------------------------------
> > Disclaimer and Confidentiality Note
> > This e-mail communication, its attachments, if any, and any rights
> > attaching to it are, unless the context clearly indicates otherwise,
> > the property of Siemens (Pty) Ltd. It is confidential, private and
> > intended for the addressee only. If you are not the intended recipient
> > and receive this communication in error, you are hereby notified that
> > any review, copying, use, discloser or distribution in any manner
> > whatsoever is strictly prohibited. Please notify the sender
> > immediately that you have received this e-mail in error and delete the
> > e-mail and any copies of it. Views and opinions expressed in this
> > e-mail are those of the sender unless clearly stated as those of
> > Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss
> > or damage whatsoever, and howsoever incurred or suffered resulting or
> > arising from the use of this e-mail communication and/or its
> > attachments. Siemens (Pty) Ltd does not warrant the integrity of this
> > e-mail communication nor that it is free of errors, viruses,
> > interception or interference. Siemens (Pty) Ltd, its divisions and
> > subsidiary companies ("Siemens") expressly excludes sections 11, 12,
> > and 13 of the Electronic Communications and Transactions Act, 25 of
> > 2002 ("the ECT") in respect of e-contracting. No data message or
> > electronic communication will be recognised as having a legal
> > contractual status under the ECT Act. All agreements concluded by
> > Siemens will only be legally binding when reduced to physical writing
> > and physically signed by a duly authorised representative of Siemens.
> > For more information about Siemens (Pty) Ltd, visit our website at
> > www.siemens.com
> >
> > Siemens Proprietary Limited (Incorporated in South Africa) Company
> > Registration Number: 1923/007514/07 Registered Address: 300 Janadel
> > Avenue, Halfway House 1685 VAT Registration Number: 4790104428
> > Chairman: KJ Helmrich*
> > Chief Executive Officer: SU Dall'Omo*
> > Chief Financial Officer: SJ Mueller*
> > Executive Director: R Nkuhlu, C Klaas
> > Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate
> > Directors: I Amod; MK Becker* Company Secretary: U Akwiwu
> > * German
> >
> > ------------------------------------
> >
> > ---
> > To unsubscribe from enterasys, send email to listserv <at> unc.edu with the
> > body: unsubscribe enterasys auerswald <at> fg-networking.de
> 
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the
context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and
intended for the addressee only. If you are not the intended recipient and receive this communication in
error, you are hereby notified that any review, copying, use, discloser or distribution in any manner
whatsoever is strictly prohibited. Please notify the sender immediately that you have received this
e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are
those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no
liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising
from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the
integrity of this e-mail communication nor that it is free of errors, viruses, interception or
interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly
excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002
(“the ECT”) in respect of e-contracting. No data message or electronic communication will be
recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens
will only be legally binding when reduced to physical writing and physically signed by a duly authorised
representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com
> 
> Siemens Proprietary Limited (Incorporated in South Africa)
> Company Registration Number: 1923/007514/07
> Registered Address: 300 Janadel Avenue, Halfway House 1685
> VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall’Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé
> Alternate Directors: I Amod; MK Becker*
> Company Secretary: U Akwiwu
> * German
> 
> ------------------------------------
> 
> ---
> To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys auerswald <at> fg-networking.de

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org

Picon

RE: Access - List Query no ICMP reply after applying access list

Hi Erik,

Thank you for the feedback it is much appreciated.

If understand right you suggest I apply it like the following;

    access-list interface 111 ge.2.3 in  sequence 1

and not

interface vlan 431
ip access-group 111 in sequence 1

With best regards,
Pheko Mamabolo

Siemens (Proprietary) Limited
Global Service Information Technology
IT Infrastructure Service Delivery
Regions Asia, Pacific, Middle East and Africa
Operational Service Back End Essential
GS IT IN SD R AAE OPS BEE
Tel.: +27 11 652-2938
Fax: +27 86 506-6018
Mobil: +27 82 487-9822
mailto:pheko.mamabolo <at> siemens.com

-----Original Message-----
From: Erik Auerswald [mailto:auerswald <at> fg-networking.de]
Sent: 27 January 2016 12:23 PM
To: enterasys <at> listserv.unc.edu
Cc: Mamabolo, Pheko (GS IT IN SD AAE OPS COL); Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
Subject: Re: [enterasys] Access - List Query no ICMP reply after applying access list

Hello Pheko Mamabolo,

the SecureStacks do not support the "established" keyword, and they do not support to match on specific
ICMP type / code. Thus you need to enable all of ICMP. The extended ACL from your first email looks good, but
it is bound to the wrong interface.

The SecureStacks support inbound ACLs only, so you need to bind the ACL to the interface where the traffic
enters the switch. You bound it to the interface where the traffic exits the switch.

Best regards,
Erik Auerswald
--
Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/

auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513

Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630

On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> Hi Enterasys Community,
>
> Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access
-list as it does not support command ip access-list extended 'established' command.
> Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on
different chassis the Enterasys S4 and on this it works as the command ip access-list extended with
established is supported however not on the B5G124-24 please advise on a work around.
>
> With best regards,
> Pheko Mamabolo
>
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa Operational Service Back
> End Essential GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
>
> From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL)
> [mailto:pheko.mamabolo <at> siemens.com]
> Sent: 13 January 2016 02:51 PM
> To: Enterasys Customer Mailing List
> Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> Subject: RE:[Enterasys] Access - List Query I do not receive ICMP
> reply after applying my access list
>
> Dears,
>
> Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits
certain networks to do this.
> An example of my access list
>
> access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67 interface
> vlan 431 ip access-group 111 in sequence 1 ip address 67.67.67.67
>
> I have also applied ip ICMP redirect enable globally and also on the interface.
>
> Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working on
is not supporting such a command.
>
> "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the
B5G124-24 switch?
>
> Please advise!!
>
> With best regards,
> Pheko Mamabolo
>
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa Operational Service Back
> End Essential GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
>
>
>
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights
> attaching to it are, unless the context clearly indicates otherwise,
> the property of Siemens (Pty) Ltd. It is confidential, private and
> intended for the addressee only. If you are not the intended recipient
> and receive this communication in error, you are hereby notified that
> any review, copying, use, discloser or distribution in any manner
> whatsoever is strictly prohibited. Please notify the sender
> immediately that you have received this e-mail in error and delete the
> e-mail and any copies of it. Views and opinions expressed in this
> e-mail are those of the sender unless clearly stated as those of
> Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss
> or damage whatsoever, and howsoever incurred or suffered resulting or
> arising from the use of this e-mail communication and/or its
> attachments. Siemens (Pty) Ltd does not warrant the integrity of this
> e-mail communication nor that it is free of errors, viruses,
> interception or interference. Siemens (Pty) Ltd, its divisions and
> subsidiary companies ("Siemens") expressly excludes sections 11, 12,
> and 13 of the Electronic Communications and Transactions Act, 25 of
> 2002 ("the ECT") in respect of e-contracting. No data message or
> electronic communication will be recognised as having a legal
> contractual status under the ECT Act. All agreements concluded by
> Siemens will only be legally binding when reduced to physical writing
> and physically signed by a duly authorised representative of Siemens.
> For more information about Siemens (Pty) Ltd, visit our website at
> www.siemens.com<http://www.siemens.com>
>
> Siemens (Proprietary) Limited (Incorporated in South Africa) South
> African Company Registration Number: 1923/007514/07 Registered
> Address: 300 Janadel Avenue, Halfway House 1685 VAT Registration
> Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate
> Directors: I Amod; MK Becker*
> * German
>
> ------------------------------------
>
>   *   --To unsubscribe from Enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe Enterasys pheko.mamabolo <at> siemens.com<mailto:pheko.mamabolo <at> siemens.com>
>
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights
> attaching to it are, unless the context clearly indicates otherwise,
> the property of Siemens (Pty) Ltd. It is confidential, private and
> intended for the addressee only. If you are not the intended recipient
> and receive this communication in error, you are hereby notified that
> any review, copying, use, discloser or distribution in any manner
> whatsoever is strictly prohibited. Please notify the sender
> immediately that you have received this e-mail in error and delete the
> e-mail and any copies of it. Views and opinions expressed in this
> e-mail are those of the sender unless clearly stated as those of
> Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss
> or damage whatsoever, and howsoever incurred or suffered resulting or
> arising from the use of this e-mail communication and/or its
> attachments. Siemens (Pty) Ltd does not warrant the integrity of this
> e-mail communication nor that it is free of errors, viruses,
> interception or interference. Siemens (Pty) Ltd, its divisions and
> subsidiary companies ("Siemens") expressly excludes sections 11, 12,
> and 13 of the Electronic Communications and Transactions Act, 25 of
> 2002 ("the ECT") in respect of e-contracting. No data message or
> electronic communication will be recognised as having a legal
> contractual status under the ECT Act. All agreements concluded by
> Siemens will only be legally binding when reduced to physical writing
> and physically signed by a duly authorised representative of Siemens.
> For more information about Siemens (Pty) Ltd, visit our website at
> www.siemens.com

>
> Siemens Proprietary Limited (Incorporated in South Africa) Company
> Registration Number: 1923/007514/07 Registered Address: 300 Janadel
> Avenue, Halfway House 1685 VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé Alternate
> Directors: I Amod; MK Becker* Company Secretary: U Akwiwu
> * German
>
> ------------------------------------
>
> ---
> To unsubscribe from enterasys, send email to listserv <at> unc.edu with the
> body: unsubscribe enterasys auerswald <at> fg-networking.de

------------------------------------
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context
clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and
intended for the addressee only. If you are not the intended recipient and receive this communication in
error, you are hereby notified that any review, copying, use, discloser or distribution in any manner
whatsoever is strictly prohibited. Please notify the sender immediately that you have received this
e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are
those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no
liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising
from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the
integrity of this e-mail communication nor that it is free of errors, viruses, interception or
interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly
excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002
(“the ECT”) in respect of e-contracting. No data message or electronic communication will be
recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens
will only be legally binding when reduced to physical writing and physically signed by a duly authorised
representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com


Siemens Proprietary Limited (Incorporated in South Africa)
Company Registration Number: 1923/007514/07
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: KJ Helmrich*
Chief Executive Officer: SU Dall’Omo*
Chief Financial Officer: SJ Mueller*
Executive Director: R Nkuhlu, C Klaas
Non-Executive Directors: TK Rathmann*; Dr MI Survé
Alternate Directors: I Amod; MK Becker*
Company Secretary: U Akwiwu
* German

------------------------------------

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Erik Auerswald | 27 Jan 11:22 2016
Picon

Re: Access - List Query no ICMP reply after applying access list

Hello Pheko Mamabolo,

the SecureStacks do not support the "established" keyword, and they do not
support to match on specific ICMP type / code. Thus you need to enable all
of ICMP. The extended ACL from your first email looks good, but it is bound
to the wrong interface.

The SecureStacks support inbound ACLs only, so you need to bind the ACL to
the interface where the traffic enters the switch. You bound it to the
interface where the traffic exits the switch.

Best regards,
Erik Auerswald
-- 
Dipl.-Inform. Erik Auerswald         http://www.fg-networking.de/
auerswald <at> fg-networking.de T:+49-631-4149988-0 M:+49-176-64228513

Gesellschaft für Fundamental Generic Networking mbH
Geschäftsführung: Volker Bauer, Jörg Mayer
Gerichtsstand: Amtsgericht Kaiserslautern - HRB: 3630

On Wed, Jan 27, 2016 at 09:28:19AM +0000, Mamabolo, Pheko (GS IT IN SD AAE OPS COL) wrote:
> Hi Enterasys Community,
> 
> Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access
-list as it does not support command ip access-list extended 'established' command.
> Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on
different chassis the Enterasys S4 and on this it works as the command ip access-list extended with
established is supported however not on the B5G124-24 please advise on a work around.
> 
> With best regards,
> Pheko Mamabolo
> 
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa
> Operational Service Back End Essential
> GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
> 
> From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL) [mailto:pheko.mamabolo <at> siemens.com]
> Sent: 13 January 2016 02:51 PM
> To: Enterasys Customer Mailing List
> Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
> Subject: RE:[Enterasys] Access - List Query I do not receive ICMP reply after applying my access list
> 
> Dears,
> 
> Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits
certain networks to do this.
> An example of my access list
> 
> access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67
> interface vlan 431
> ip access-group 111 in sequence 1
> ip address 67.67.67.67
> 
> I have also applied ip ICMP redirect enable globally and also on the interface.
> 
> Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working on
is not supporting such a command.
> 
> "permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the
B5G124-24 switch?
> 
> Please advise!!
> 
> With best regards,
> Pheko Mamabolo
> 
> Siemens (Proprietary) Limited
> Global Service Information Technology
> IT Infrastructure Service Delivery
> Regions Asia, Pacific, Middle East and Africa
> Operational Service Back End Essential
> GS IT IN SD R AAE OPS BEE
> Tel.: +27 11 652-2938
> Fax: +27 86 506-6018
> Mobil: +27 82 487-9822
> mailto:pheko.mamabolo <at> siemens.com
> 
> 
> 
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the
context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and
intended for the addressee only. If you are not the intended recipient and receive this communication in
error, you are hereby notified that any review, copying, use, discloser or distribution in any manner
whatsoever is strictly prohibited. Please notify the sender immediately that you have received this
e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are
those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no
liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising
from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the
integrity of this e-mail communication nor that it is free of errors, viruses, interception or
interference. Siemens (Pty) Ltd, its divisions and subsidiary companies ("Siemens") expressly
excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the
ECT") in respect of e-contracting. No data message or electronic communication will be recognised as
having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be
legally binding when reduced to physical writing and physically signed by a duly authorised
representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com<http://www.siemens.com>
> 
> Siemens (Proprietary) Limited (Incorporated in South Africa)
> South African Company Registration Number: 1923/007514/07
> Registered Address: 300 Janadel Avenue, Halfway House 1685
> VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé
> Alternate Directors: I Amod; MK Becker*
> * German
> 
> ------------------------------------
> 
>   *   --To unsubscribe from Enterasys, send email to listserv <at> unc.edu<mailto:listserv <at> unc.edu> with the
body: unsubscribe Enterasys pheko.mamabolo <at> siemens.com<mailto:pheko.mamabolo <at> siemens.com>
> 
> ------------------------------------
> Disclaimer and Confidentiality Note
> This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the
context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and
intended for the addressee only. If you are not the intended recipient and receive this communication in
error, you are hereby notified that any review, copying, use, discloser or distribution in any manner
whatsoever is strictly prohibited. Please notify the sender immediately that you have received this
e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are
those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no
liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising
from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the
integrity of this e-mail communication nor that it is free of errors, viruses, interception or
interference. Siemens (Pty) Ltd, its divisions and subsidiary companies ("Siemens") expressly
excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 ("the
ECT") in respect of e-contracting. No data message or electronic communication will be recognised as
having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be
legally binding when reduced to physical writing and physically signed by a duly authorised
representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com
> 
> Siemens Proprietary Limited (Incorporated in South Africa)
> Company Registration Number: 1923/007514/07
> Registered Address: 300 Janadel Avenue, Halfway House 1685
> VAT Registration Number: 4790104428
> Chairman: KJ Helmrich*
> Chief Executive Officer: SU Dall'Omo*
> Chief Financial Officer: SJ Mueller*
> Executive Director: R Nkuhlu, C Klaas
> Non-Executive Directors: TK Rathmann*; Dr MI Survé
> Alternate Directors: I Amod; MK Becker*
> Company Secretary: U Akwiwu
> * German
> 
> ------------------------------------
> 
> ---
> To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys auerswald <at> fg-networking.de

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org

Picon

Access - List Query no ICMP reply after applying access list

Hi Enterasys Community,

 

Please advise on how to enable ICMP reply from Enterasys B5G124-24 after applying an extended access -list as it does not support command ip access-list extended 'established' command.

Our challenge is it not allowing us to receive ICMP reply after setting the access list. I checked on different chassis the Enterasys S4 and on this it works as the command ip access-list extended with established is supported however not on the B5G124-24 please advise on a work around.

 

With best regards,
Pheko Mamabolo

Siemens (Proprietary) Limited

Global Service Information Technology

IT Infrastructure Service Delivery

Regions Asia, Pacific, Middle East and Africa

Operational Service Back End Essential

GS IT IN SD R AAE OPS BEE

Tel.: +27 11 652-2938
Fax: +27 86 506-6018
Mobil: +27 82 487-9822

mailto:pheko.mamabolo <at> siemens.com

From: Mamabolo, Pheko (GS IT IN SD AAE OPS COL) [mailto:pheko.mamabolo <at> siemens.com]
Sent: 13 January 2016 02:51 PM
To: Enterasys Customer Mailing List
Cc: Caeiro, Jorge; Guemadi, Mohamed-Lamine (GS IT R AAE BN BAN)
Subject: RE:[Enterasys] Access - List Query I do not receive ICMP reply after applying my access list

 

Dears,

 

Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits certain networks to do this.

An example of my access list

 

access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67

interface vlan 431

ip access-group 111 in sequence 1

ip address 67.67.67.67

 

I have also applied ip ICMP redirect enable globally and also on the interface.

 

Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working on is not supporting such a command.

 

"permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the B5G124-24 switch?

 

Please advise!!

 

With best regards,
Pheko Mamabolo

Siemens (Proprietary) Limited

Global Service Information Technology

IT Infrastructure Service Delivery

Regions Asia, Pacific, Middle East and Africa

Operational Service Back End Essential

GS IT IN SD R AAE OPS BEE

Tel.: +27 11 652-2938
Fax: +27 86 506-6018
Mobil: +27 82 487-9822
mailto:pheko.mamabolo <at> siemens.com

 

 


------------------------------------
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com

Siemens (Proprietary) Limited (Incorporated in South Africa)
South African Company Registration Number: 1923/007514/07
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: KJ Helmrich*
Chief Executive Officer: SU Dall’Omo*
Chief Financial Officer: SJ Mueller*
Executive Director: R Nkuhlu, C Klaas
Non-Executive Directors: TK Rathmann*; Dr MI Survé
Alternate Directors: I Amod; MK Becker*
* German

------------------------------------


------------------------------------
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com

Siemens Proprietary Limited (Incorporated in South Africa)
Company Registration Number: 1923/007514/07
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: KJ Helmrich*
Chief Executive Officer: SU Dall’Omo*
Chief Financial Officer: SJ Mueller*
Executive Director: R Nkuhlu, C Klaas
Non-Executive Directors: TK Rathmann*; Dr MI Survé
Alternate Directors: I Amod; MK Becker*
Company Secretary: U Akwiwu
* German

------------------------------------

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Picon

RE:Access - List Query I do not receive ICMP reply after applying my access list

Dears,
 
Please assist I am not able to receive ICMP echo reply after applying ACL that specifically permits certain networks to do this.
An example of my access list
 
access-list 111 permit ICMP 172.16.49.0 0.0.0.3 67.67.67.67
interface vlan 431
ip access-group 111 in sequence 1
ip address 67.67.67.67
 
I have also applied ip ICMP redirect enable globally and also on the interface.
 
Is there some type established command missing and what is the syntax as the B5 Layer 3 switch I am working on is not supporting such a command.
 
"permit tcp 172.16.49.0 0.0.0.3 established 67.67.67.67 0.0.0.31" this is not available on the B5G124-24 switch?
 
Please advise!!
 
With best regards,
Pheko Mamabolo

Siemens (Proprietary) Limited
Global Service Information Technology
IT Infrastructure Service Delivery
Regions Asia, Pacific, Middle East and Africa
Operational Service Back End Essential
GS IT IN SD R AAE OPS BEE
Tel.: +27 11 652-2938
Fax: +27 86 506-6018
Mobil: +27 82 487-9822
mailto:pheko.mamabolo <at> siemens.com
 
 

------------------------------------
Disclaimer and Confidentiality Note
This e-mail communication, its attachments, if any, and any rights attaching to it are, unless the context clearly indicates otherwise, the property of Siemens (Pty) Ltd. It is confidential, private and intended for the addressee only. If you are not the intended recipient and receive this communication in error, you are hereby notified that any review, copying, use, discloser or distribution in any manner whatsoever is strictly prohibited. Please notify the sender immediately that you have received this e-mail in error and delete the e-mail and any copies of it. Views and opinions expressed in this e-mail are those of the sender unless clearly stated as those of Siemens (Pty) Ltd. Siemens (Pty) Ltd accepts no liability for any loss or damage whatsoever, and howsoever incurred or suffered resulting or arising from the use of this e-mail communication and/or its attachments. Siemens (Pty) Ltd does not warrant the integrity of this e-mail communication nor that it is free of errors, viruses, interception or interference. Siemens (Pty) Ltd, its divisions and subsidiary companies (“Siemens”) expressly excludes sections 11, 12, and 13 of the Electronic Communications and Transactions Act, 25 of 2002 (“the ECT”) in respect of e-contracting. No data message or electronic communication will be recognised as having a legal contractual status under the ECT Act. All agreements concluded by Siemens will only be legally binding when reduced to physical writing and physically signed by a duly authorised representative of Siemens. For more information about Siemens (Pty) Ltd, visit our website at www.siemens.com

Siemens (Proprietary) Limited (Incorporated in South Africa)
South African Company Registration Number: 1923/007514/07
Registered Address: 300 Janadel Avenue, Halfway House 1685
VAT Registration Number: 4790104428
Chairman: KJ Helmrich*
Chief Executive Officer: SU Dall’Omo*
Chief Financial Officer: SJ Mueller*
Executive Director: R Nkuhlu, C Klaas
Non-Executive Directors: TK Rathmann*; Dr MI Survé
Alternate Directors: I Amod; MK Becker*
* German

------------------------------------

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Johannsb | 17 Dec 14:49 2015
Picon

Re:enterasys digest: December 15, 2015

unsubscribe enterasys johannsb-lista <at> yahoo.com.br


Em Quarta-feira, 16 de Dezembro de 2015 3:11, Enterasys Customer Mailing List digest <enterasys <at> listserv.unc.edu> escreveu:


ENTERASYS Digest for Tuesday, December 15, 2015.

1. Re: Matrix(R) X-Series BGP 4-Byte ASN Support

----------------------------------------------------------------------

Subject: Re: Matrix(R) X-Series BGP 4-Byte ASN Support
From: Gustavo Veras <gustavo.fhs <at> gmail.com>
Date: Tue, 15 Dec 2015 17:53:59 -0200
X-Message-Number: 1

issue was resolved with firmware update, thanks!

2015-10-07 10:30 GMT-03:00 Gustavo Veras <gustavo.fhs <at> gmail.com>:

> Hi all,
>
> We've been recently assigned our own PI space and a 4byte AS number for
> our organization. We now have a requirement to peer with two ISP's for
> redundancy etc.
>
> However, we currently have 2 Matrix X8 routers on the outside which don't
> support 4byte AS numbers, the first ISP I need to peer with also does not
> provide current support for 4byte AS's.
>
> matrix-x(router-config)#
>
> matrix-x(router-config)# router bgp ?
>
>  <1-65535> Autonomous system number  --> Only 16bits
>
> matrix-x(router-config)# router bgp 262477
>                                    ^
> % Invalid input detected at '^' marker
>
> I'm fine with traditional peering, acceptance of default and customer
> routes, RFC1918 filtering and path manipulation, however, how do I inform
> the Internet about our AS when nothing in the path seems to support it, is
> there any way around this?
>
> All assistance greatly received.
>



---

END OF DIGEST

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys johannsb-lista <at> yahoo.com.br


  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Gustavo Veras | 15 Dec 20:53 2015
Picon

Re:Matrix(R) X-Series BGP 4-Byte ASN Support

issue was resolved with firmware update, thanks!

2015-10-07 10:30 GMT-03:00 Gustavo Veras <gustavo.fhs <at> gmail.com>:
Hi all,

We've been recently assigned our own PI space and a 4byte AS number for our organization. We now have a requirement to peer with two ISP's for redundancy etc.

However, we currently have 2 Matrix X8 routers on the outside which don't support 4byte AS numbers, the first ISP I need to peer with also does not provide current support for 4byte AS's.

matrix-x(router-config)#

matrix-x(router-config)# router bgp ?   

  <1-65535> Autonomous system number   --> Only 16bits

matrix-x(router-config)# router bgp 262477
                                    ^
% Invalid input detected at '^' marker

I'm fine with traditional peering, acceptance of default and customer routes, RFC1918 filtering and path manipulation, however, how do I inform the Internet about our AS when nothing in the path seems to support it, is there any way around this?

All assistance greatly received.

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Jeremy Julyan | 18 Nov 17:15 2015
Picon

Re: No support for 3600 series APs in v10 firmware

We have 115 still running in several schools with a 4110 controller.
We have started our migration away from Enterasys over the last 2 years, to Meraki.
Love the cloud based controller but the APs failure rate compared to the 3610s is sad.
I would say 1 in 20 out of the box had issues and then we  have 1 to 2 failures on the Meraki APs every 3 to 4 months.
The 3610s, we have had maybe 5 physical failures out of 150, over 4 years. 
Ugly beasts but they are/were reliable.

Jeremy Julyan

“Effective technology services to empower learning.”

Buffalo Trail Public Schools
Systems Analyst IV /
Division Video Conference Administrator 


On Tue, Nov 17, 2015 at 5:33 PM, James Andrewartha <jandrewartha <at> ccgs.wa.edu.au> wrote:
Hi all,

I was wondering how many of you still had 3600 series APs, as it's just
been revealed that they won't be supported in v10 EWC firmware, due out
at the end of the year:
https://community.extremenetworks.com/extreme/topics/wireless-firmware-10-x

We're fortunate enough to just have 3710s and 3825s, but I imagine
there's still a pretty big installed base out there.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys Jeremy.Julyan <at> btps.ca

  • --To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org
Keith A. Hein | 18 Nov 17:10 2015

RE: No support for 3600 series APs in v10 firmware

Dr. kells I knew.

Keith Hein
814.866.8429

-----Original Message-----
From: Greer, Paul [mailto:pgreer <at> spscc.edu] 
Sent: Wednesday, November 18, 2015 10:34 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] No support for 3600 series APs in v10 firmware

Yes James we still have over 150 in service on our main campus.
We are using C4110 controllers.

Paul

-----Original Message-----
From: James Andrewartha [mailto:jandrewartha <at> ccgs.wa.edu.au] 
Sent: Tuesday, November 17, 2015 4:33 PM
To: Enterasys Customer Mailing List
Subject: [enterasys] No support for 3600 series APs in v10 firmware

Hi all,

I was wondering how many of you still had 3600 series APs, as it's just been revealed that they won't be
supported in v10 EWC firmware, due out at the end of the year:
https://community.extremenetworks.com/extreme/topics/wireless-firmware-10-x


We're fortunate enough to just have 3710s and 3825s, but I imagine there's still a pretty big installed base
out there.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys pgreer <at> spscc.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys khein <at> lecom.edu

---
To unsubscribe from enterasys, send email to listserv <at> unc.edu with the body: unsubscribe enterasys gneu-enterasys <at> gmane.org

Gmane