this stopped working when upgrading to version 7.17.2, in 7.16 it worked fine.I finally got it working. After fiddeling around it works when I add a rule at the top to allow all traffic on the customer port. After this rule I can add rules to allow the customer IP, and at the bottom a general drop rule. I also had to add mac-protocol=ip.
When the customer changes to another IP it gets blocked. Only the customer IP 10.153.4.2 is working.
This is the solution.Code:/interface ethernet switch ruleadd ports=ether2 switch=switch1 comment="Allow all customer port ether2"add ports=ether2 switch=switch1 mac-protocol=ip dst-address=10.153.4.2/32 comment="Allow customer IP"add ports=ether2 switch=switch1 mac-protocol=ip new-dst-ports="" comment="Drop all IP"
I figured that the rules only apply in incoming ports so I only needed the allow rule for the customer source address. The rule with customer destionation address was unnecessary.
Statistics: Posted by barcos — Mon Feb 10, 2025 12:55 am