Loss of OAM access after applying PERMIT ACL on Ericsson BBU

Hello Telecom Experts,

I am currently working on an Ericsson BBU and I need your support regarding ACL configuration for the OAM access plan.

I already attempted the configuration, but I am facing an issue:

  • I created an ACL with PERMIT rules for the ENM access IP address.

  • The ACL itself is in permit mode.

  • However, once I apply this ACL to the OAM access interface, I completely lose access to the BBU, even though the source IP should be permitted.

I would like to ask:

  • Are there any common pitfalls with ACLs on Ericsson BBUs for OAM access?

  • Is there a recommended step-by-step procedure (MOP) to avoid losing connectivity?

  • Should additional rules (e.g. default permit, return traffic, management IPs, protocols) be explicitly defined?

  • Is there any specific order or dependency when applying ACLs on OAM interfaces?

Any guidance, best practices, or examples would be highly appreciated.

Hi, @Amine_Hechiche, first thing is brmfailsafe activation:

set BrmFailsafeBackup timeoutLength 600
acc BrmFailsafeBackup activate

RBS will automatically roll back on CV if you lose OAM.

Second thing is configuration entries for both directions - in and out:

crn Transport=1,Router=oam,AclIpv4=ingress,AclEntryIpv4=enm_in
    action 0
    priority 10  # priority
    addrDst 192.168.0.1/30  # RBS oam address
    addrSrc 10.10.10.0/24  # ENM subnetwork
end
crn Transport=1,Router=oam,AclIpv4=egress,AclEntryIpv4=enm_out
    action 0
    priority 11
    addrDst 10.10.10.0/24  # ENM subnetwork
    addrSrc 192.168.0.1/30  # RBS oam address
end

Attach ACL to interface:

set Transport=1,Router=oam,InterfaceIPv4=1 aclEgress Transport=1,Router=oam,AclIpv4=egress
set Transport=1,Router=oam,InterfaceIPv4=1 aclIngress Transport=1,Router=oam,AclIpv4=ingress

If all above is OK, then deactivate brmfailsafe:

acc BrmFailsafeBackup deactivate

Hello Mister @vlr9999

Thanks for your reply.

Can you please specify which one should be used as permit?

Should we add a deny ACL?

BR.

@Amine_Hechiche,

action 0  # PERMIT
action 1  # DENY

You can choose from 2 strategies:

  1. Add entries with PERMIT action - then packets from other subnetworks are dropped.
  2. Add default entry with PERMIT and other entries with DENY action.

And/or a filter by IP protocol is available.

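An added example, not part of the thread and not Ericsson code: an offline pre-check that models the ingress/egress entries and the two strategies from the replies above, to confirm the ENM flow is permitted in both directions before the ACLs are attached. The evaluation order (ascending priority, first match wins, unmatched packets dropped, no attached ACL means no filtering), the host addresses and the 10.20.0.0/16 subnet are assumptions.

```python
import ipaddress

PERMIT, DENY = 0, 1  # action values as stated in the thread

def net(cidr):
    # strict=False accepts a host address written with a prefix (192.168.0.1/30)
    return ipaddress.ip_network(cidr, strict=False)

def evaluate(acl, src, dst):
    """Action for one packet. Assumed semantics (confirm against the node's
    documentation): no ACL attached (None) filters nothing, entries are checked in
    ascending priority, first match wins, and an unmatched packet is dropped."""
    if acl is None:
        return PERMIT
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in sorted(acl, key=lambda e: e["priority"]):
        if s in net(entry["addrSrc"]) and d in net(entry["addrDst"]):
            return entry["action"]
    return DENY

def oam_session_ok(ingress, egress, enm_ip, rbs_ip):
    """ENM -> RBS must pass the ingress ACL and the reply must pass the egress ACL."""
    return (evaluate(ingress, enm_ip, rbs_ip) == PERMIT
            and evaluate(egress, rbs_ip, enm_ip) == PERMIT)

# Constructed data mirroring the thread's enm_in / enm_out entries.
INGRESS = [{"action": PERMIT, "priority": 10,
            "addrSrc": "10.10.10.0/24", "addrDst": "192.168.0.1/30"}]
EGRESS = [{"action": PERMIT, "priority": 11,
           "addrSrc": "192.168.0.1/30", "addrDst": "10.10.10.0/24"}]
# Strategy 2: default PERMIT entry plus DENY entries (10.20.0.0/16 is hypothetical).
DEFAULT_PERMIT = [
    {"action": DENY, "priority": 10, "addrSrc": "10.20.0.0/16", "addrDst": "0.0.0.0/0"},
    {"action": PERMIT, "priority": 100, "addrSrc": "0.0.0.0/0", "addrDst": "0.0.0.0/0"},
]

if __name__ == "__main__":
    enm, rbs = "10.10.10.5", "192.168.0.1"  # constructed hosts inside the thread's subnets
    print("both directions permitted:", oam_session_ok(INGRESS, EGRESS, enm, rbs))
    print("egress ACL without a reply entry:", oam_session_ok(INGRESS, [], enm, rbs))
    print("source outside ENM subnet:", oam_session_ok(INGRESS, EGRESS, "10.10.11.5", rbs))
    print("default permit, denied source:", evaluate(DEFAULT_PERMIT, "10.20.1.1", rbs))
```

Under these assumptions, an egress ACL that is attached without an entry for the return path drops the replies even though the ingress entry permits the ENM source.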

Thanks! I will test that and come back.

Best regards, sincerely!