ExtremeSwitching (EXOS)


How can I create an access-list on egress to allow only a few VLANs inside a VMAN? Drop all doesn't work either

  • 1.  How can I create an access-list on egress to allow only a few VLANs inside a VMAN? Drop all doesn't work either

    Posted 03-12-2018 17:02
    Hi,
    My target is to allow only a few VLANs from a VMAN to exit a specific port.

    Example: ports 1, 2 and 3 are untagged in VMAN 2000.
    All traffic from 1 should be forwarded to 2 and vice versa. Only VLANs 100 and 102 should be forwarded to port 3. I do not know the VLANs inserted into ports 1 and 2 except 100 and 102, hence the VMAN untagged idea.

    To start, I tried a deny-all rule on port 3.
    The docs give this as an egress rule:

        denyAll.pol
        entry DenyAllEgress {
            if {
                source-address 0.0.0.0/0;
            } then {
                deny;
            }
        }

    but after

        configure access-list denyAll ports 3 egress

    all traffic is still visible at port 3 and also on the next switch...

    What's the fault and what's the solution?


  • 2.  RE: How can I create an access-list on egress to allow only a few VLANs inside a VMAN? Drop all doesn't work either

    Posted 03-12-2018 18:10
    Hi Immo,

    It sounds like what you want to do is configure port 3 as a customer edge port, allowing inner tags 100 and 102 only.

    For example,
    configure vman
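
    An added configuration example for the approach in this reply (my own, not the replier's code): ports 1 and 2 stay untagged members of the VMAN, and port 3 becomes a customer edge port that admits only inner tags 100 and 102. The VMAN name `vman2000` is an assumption; the port numbers and tag values are the ones from the question.

```text
# Constructed EXOS configuration example, not from the original thread.
# The VMAN name "vman2000" is an assumption; ports 1-3 and VLANs 100/102 come from the question.
create vman vman2000 tag 2000

# Ports 1 and 2 carry unknown customer VLANs; admit them all as untagged VMAN members.
configure vman vman2000 add ports 1-2 untagged

# Port 3 was an untagged member in the original attempt; remove it from the VMAN first.
configure vman vman2000 delete ports 3

# Re-add port 3 as a customer edge port (CEP) that admits only customer VLAN IDs 100 and 102.
configure vman vman2000 add ports 3 cep cvid 100
configure vman vman2000 add ports 3 cep cvid 102

# Verify the membership: port 3 should list only CVIDs 100 and 102.
show vman vman2000
```

    With port 3 configured as a CEP member, the VMAN membership itself limits which customer VLANs cross port 3, so the egress ACL from the question is not needed for that purpose; `show vman vman2000` confirms the per-port CVID list. This example does not cover the untagged and VLAN 0 case raised in the following reply.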


  • 3.  RE: How can I create an access-list on egress to allow only a few VLANs inside a VMAN? Drop all doesn't work either

    Posted 03-12-2018 18:10
    OK, but how about untagged and VLAN 0 traffic?