ExtremeSwitching (EXOS)


ACL policy to restrict telnet is not working as desirable

  • 1.  ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 15:09
    I'm new to using Extreme switches. I have configured the following ACL policy to allow only the networks listed in the policy to connect by telnet to the switch, model X480-24X, running ExtremeXOS version 15.6.4.2. However, only the host with IP address 200.20.76.42 is connecting; the others are being rejected.
    Has anyone ever faced this problem?

    Entry AllowTheseSubnets {
    if match any{
    source-address 200.20.76.42 /32;
    source-address 187.111.111.5 /32;
    source-address 200.20.66.176 /27;
    }
    then
    {
    permit ;
    }
    }

    Tks in advance



  • 2.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 15:22
    Make one entry per source address.

    Entry AllowTheseSubnets1 {
    if match any{
    source-address 200.20.76.42 /32;
    }
    then{
    permit ;
    }}

    Entry AllowTheseSubnets2 {
    if match any{
    source-address 187.111.111.5 /32;
    }
    then{
    permit ;
    }}

    Entry AllowTheseSubnets3 {
    if match any{
    source-address 200.20.66.176 /27;
    }
    then{
    permit ;
    }}



  • 3.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 16:14
    The policy I use without issue is similar to:

    Switch1.4 # sh policy telnet
    Policies at Policy Server:
    Policy: telnet
    entry telnet {
    if match any {
    source-address 12.34.56.78/32 ;
    source-address 12.34.56.79/32 ;
    source-address 12.34.56.80/32 ;
    source-address 12.34.56.81/32 ;
    source-address 12.34.56.82/32 ;
    source-address 12.34.54.0/24 ;
    source-address 12.34.55.0/24 ;
    }
    then {
    permit ;
    }
    }



  • 4.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 16:28
    Hi Stephen,

    First of all, thanks for your attention.

    I have configured the ACL as you suggested; even so, it's not working. Below you can see the message in the log indicating that the connection has been rejected.

    SW-IPLAN.5 # show log
    05/03/2018 15:21:28.59


  • 5.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 16:36
    Did you refresh the policy?


  • 6.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 16:49
    I hadn't done that! To be honest I had no idea this command was required when you change an ACL. After issuing the refresh command the ACL worked fine!

    As I said, I am new to Extreme switches.

    Tks!



  • 7.  RE: ACL policy to restrict telnet is not working as desirable

    Posted 05-03-2018 16:49
    No problem, we are here to help. Welcome, by the way.
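
An offline check of the allow-list from the first post, added here as an example (not code from the thread or from Extreme). It models `match any` as a logical OR over the `source-address` lines and applies standard CIDR masking; how the switch itself treats a prefix written with host bits set, such as 200.20.66.176 /27, is an assumption. The client addresses tested are constructed.

```python
import ipaddress
import re

# Policy text as posted in the first message of the thread.
POLICY = """
Entry AllowTheseSubnets {
if match any{
source-address 200.20.76.42 /32;
source-address 187.111.111.5 /32;
source-address 200.20.66.176 /27;
}
then
{
permit ;
}
}
"""

# Accepts both spacings seen in the thread: "a.b.c.d /32;" and "a.b.c.d/32 ;"
SRC_RE = re.compile(r"source-address\s+(\d+\.\d+\.\d+\.\d+)\s*/\s*(\d+)\s*;")

def parse_sources(policy_text):
    """Return (as_written, covered_network, aligned) per source-address line."""
    rows = []
    for addr, plen in SRC_RE.findall(policy_text):
        iface = ipaddress.ip_interface(f"{addr}/{plen}")
        # aligned is False when the address has bits set beyond the prefix length
        aligned = iface.ip == iface.network.network_address
        rows.append((f"{addr}/{plen}", iface.network, aligned))
    return rows

def is_permitted(policy_text, client_ip):
    """True if client_ip falls inside any listed prefix (match any = OR)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for _, net, _ in parse_sources(policy_text))

def unaligned(policy_text):
    """Prefixes whose written address is not the range's network address."""
    return [(w, str(net)) for w, net, ok in parse_sources(policy_text) if not ok]

if __name__ == "__main__":
    for written, net, ok in parse_sources(POLICY):
        note = "" if ok else "  <- host bits set; CIDR range shown"
        print(f"{written:20} covers {net}{note}")
    # Constructed client addresses, for illustration only
    for ip in ("200.20.76.42", "200.20.66.161", "200.20.66.192"):
        print(ip, "permit" if is_permitted(POLICY, ip) else "no match")
```

Running a check like this before loading and refreshing the policy shows exactly which client addresses the allow-list covers.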