Specifying Port Traffic Type of Greater Than 0 Not Accepted (Doc ID 757355.1)

Last updated on AUGUST 13, 2013

Applies to:

Oracle Communications IP Service Activator - Version: 5.2.1 to 5.2.3
This problem can occur on any platform.

Symptoms

Configuring Port Traffic types to match ports greater than 0 does not take effect when created
via the GUI and via OIM.

The following ACL is defined in the network:
RouterA
ip access-list extended inbound-acl
....
permit tcp any eq 4949 host 10.23.154.6 gt 1023 established
permit tcp any eq 5000 host 10.23.154.6 gt 1023 established
deny tcp any any gt 0 log
deny udp any any gt 0 log
deny ip any any

RouterB
ip access-list extended inbound-acl
......
deny tcp any any gt 0 log
deny udp any any gt 0 log
deny ip any any

RouterC
ip access-list extended inbound-acl
....
permit icmp any any
....
deny tcp any any gt 0 log
deny udp any any gt 0 log
deny ip any any

To create "deny tcp any any gt 0 log", Port Traffic needs to be defined to match TCP and Destination Greater Than 0.

In the UI this can be configured. As soon as the transaction is committed the port traffic is cleared to default values.

-- Steps To Reproduce:
Create the following traffic type

Providing OIM commands:
create /Policy:"Policy"/Domain:"MyDomain"/TrafficGroup:"TrafficGroup"/TrafficPort:"TCP:dGtPort0"
IpProtocol=6 DestPortMin=0 DestPortMax=0

create /Policy:"Policy"/Domain:"MyDomain"/TrafficGroup:"TrafficGroup"/TrafficPort:"UDP:dGtPort0"
IpProtocol=17 DestPortMin=0 DestPortMax=0


-- Business Impact:
The explicit deny statements used for debugging at the end of the ACL are removed and replaced with the
command

deny tcp any any log

vs

deny tcp any any gt 0 log
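
One way to detect this substitution on deployed devices is to compare the intended ACL entries with the configuration read back from the router. The script below is an added example, not part of the original note or of IP Service Activator; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample (not real device output): the ACL as read back from a
# router after the transaction is committed, with the TCP "gt 0" dropped.
DEPLOYED = """\
ip access-list extended inbound-acl
 permit tcp any eq 4949 host 10.23.154.6 gt 1023 established
 deny tcp any any log
 deny udp any any gt 0 log
 deny ip any any
"""

# Entries the operator intended, taken from the ACLs shown above.
INTENDED = ["deny tcp any any gt 0 log", "deny udp any any gt 0 log"]

# Port operators of an IOS extended ACL entry: eq/gt/lt/neq <port>, range <a> <b>.
PORT_OP = re.compile(r"\s+(?:eq|gt|lt|neq)\s+\S+|\s+range\s+\S+\s+\S+")


def acl_entries(config, acl_name):
    """Return the permit/deny entries of one named extended ACL, normalised."""
    entries, inside = [], False
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ip", "access-list", "extended"]:
            inside = words[3:4] == [acl_name]
        elif inside and words and words[0] in ("permit", "deny"):
            entries.append(" ".join(words))
        elif words:
            inside = False  # any other command ends the ACL block
    return entries


def check_port_matches(intended, deployed):
    """Classify each intended entry as ok, port-match-dropped or missing."""
    present = set(deployed)
    report = {}
    for want in intended:
        bare = PORT_OP.sub("", want)  # same entry with port operators removed
        if want in present:
            report[want] = "ok"
        elif bare != want and bare in present:
            report[want] = "port-match-dropped"
        else:
            report[want] = "missing"
    return report


if __name__ == "__main__":
    for entry, status in check_port_matches(
            INTENDED, acl_entries(DEPLOYED, "inbound-acl")).items():
        print(f"{status:20} {entry}")
```
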

Cause
