Hello
I am new to QoS. I have a printer connected to the port 21 from a 3CRBSG2893. All I wanto to do is to permit only packets comming from the Windows server to reach the printer, dropping all other packages (later I would allow ICMP packets). The reason is because printing directly to the printer, the users would bypass the accounting software which runs on the server. I am trying to do this using QoS thru the Web Management Platform but I cannot make it work. So I made a test:
- Created an Advanced ACL specifying IP traffic to the server (destination IP) - just to test a single line rule using PERMIT or even DENY.
- Created a Classifier with that single rule/ACL
- Created a Behaviour with Filter Enable DENY
- Created a Policy whith the Classifier and the Behavior and applied to the port which the printer is connected to.
I thought the traffic to the server (Inbound to the port where the printer is connected) would be blocked (remember I am just trying to learn how this works), but it was not. And I found this message in the log file:
Classifier-Behavior ClassDenySrv in Policy PolicyExample applied on interface GigabitEthernet1/0/21 failed. Reason: Part of ACL rules are not supported.
Port Detail:
Interface: GigabitEthernet1/0/21
Direction: Inbound
Policy: PolDenySrv
Classifier: ClassDestSrv (Failed) <<<<<
Operator: AND
Rule(s) : If-match acl 3013
Behavior: BehaviorDeny
Filter Enable: deny
Policy:
ClassDestSrv BehaviorDeny
Behavior:
User Defined Behavior Information:
Behavior: BehaviorDeny
Filter enable: deny
Classifier ClassDestSrv
Rule Type Rule Value
ACL IPv4 3013
ACL 3013
5 permit ip destination xxx.yyy.zzz.13 0
logging
What is wrong in Classifier or ACL?
Thanks
Luis
#ACL#2928#v1910