Hi,

If you post the “show acl-plugin acl”, “show acl-plugin interface”, “show acl-plugin table”, and “show interface” when it doesn’t behave as you expect, that should give more information to look at.

Also if you do the packet trace, in “show trace” you will see the acl # and line # that has denied the packet.

--a

> On 29 Sep 2018, at 11:23, Bingfeng Zhao <bingfeng.z...@arm.com> wrote:
>
> Hi VPP,
>
> Now we have encountered one problem in acl configuration.
> 1. I set the client destination port as `12345` and `12346`, the client IP
> addresses are `10.1.1.30` and `10.1.1.32`, named `client1` and `client2`,
> respectively. The server has the IP address of `10.1.1.31`. Here is my
> topologic graph.
> <image001.png>
> 2. I used vpp_api_test for configuration. I have tested that when acl rule is
> set to be "deny the `10.1.1.30` address", in other words, l2 acl rules, and
> it works.
> 3. When I set acl rule as deny destination port as `12345`, permit
> destination port as `12346`, and permit all ipv4, command is as follows:
> ```
> acl_add_replace 0 deny ipv4 dport 12345, permit ipv4 dport 12346, permit ipv4
> ```
> and add it on the tap4 output port.
> ```
> acl_interface_set_acl_list tap4 output 0
> ```
> However, when the server exposes `12345` port and client accesses the port
> `12345`, it blocks. When the server exposes `12346` port and client accesses
> the port `12346`, it blocks, too. It seems that the acl configuration doesn’t
> take effect. What should I do?
>
> Regards,
> Bingfeng