ExtremeSwitching (EXOS)

Expand all | Collapse all

How to apply acl to a range of source ip addresses or destination ip addresses

  • 1.  How to apply acl to a range of source ip addresses or destination ip addresses

    Posted 04-21-2018 03:31
    I have one requirement regarding Extreme XOS policy. Please suggest a solution for below mentioned scenario.

      source 192.168.1.1-192.168.1.10 (range of ip addresses) destination 192.168.0.1/32 permit source 192.168.1.11-192.168.1.20 (range of ip addresses) destination 192.168.0.2/32 permit source 192.168.1.0/24 destination 192.168.0.0/24 deny




    Extreme XOS version is 16.1.3.6 and the switch model is X670G2-48x-4q (Stack)


  • 2.  RE: How to apply acl to a range of source ip addresses or destination ip addresses

    Posted 04-22-2018 15:18
    Hi,

    can you change the range of source addresses ?

    eg.

    192.168.1.0 -15 for the first server

    and

    192.168.1.15 - 31 for th second server ?

    then it looks this way:

    entry first_server {
    if {
    source-address 192.168.1.0/28;
    destination-address 192.168.0.1/32;
    } then {
    permit;
    }
    }

    entry second_server {
    if {
    source-address 192.168.1.16/28;
    destination-address 192.168.0.2/32;
    } then {
    permit;
    }
    }

    entry deny_zero_net {
    if {
    source-address 192.168.1.0/24;
    destination-address 192.168.0.0/24;
    } then {
    deny;
    }
    }

    Cheers

    André



  • 3.  RE: How to apply acl to a range of source ip addresses or destination ip addresses

    Posted 04-22-2018 15:18
    Thanks for your reply,
    I know this type subnet based acl, that i already used in my switch.
    My requirement is a specific ip range based acl not the subnet based...
    Is there any soulution like that?

    -Amjith