ExtremeSwitching (Other)

  • 1.  SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 09:35
    Is it possible to use ACL (on a VLAN) AND (Enterasys) policies (on ports) (different VLANs and different ports) at the same time? (with current 6.81.08)

    In older 6.42. / 6.61. it was not possible to use that on the same system ...

    Unfortunately there is no logging or counting option for ACL or Policies on SecureStack - is there another way to debug / troubleshoot to see if ACL or Access Rules are used?

    (except do a wireshark on mirror port or capture trace and run it into Policy Manager ...)


  • 2.  RE: SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 12:48
    Below is from the 6.81 release notes

    ACLs

    Access Control Lists (ACLs) use the same hardware resources as Policy rules and cannot be used simultaneously with Policy.

    I know of no way to debug the ACL.



  • 3.  RE: SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 13:19
    This kind of limitation and dependencies sometimes make features unusable ... and my job not really attractive ...

    Several times I need in VLAN-A ACLs and VLAN-B/C/D policies with NAC ....

    Switching over to ACL completely is also not possible because ACLs are not sent to the switch via RADIUS attributes ....

    Let's switch over to EXOS ...

    BTW: Is simultaneous usage of ACLs (=Extreme Policy) and OnePolicy Framework possible in EXOS ???

    Regards



  • 4.  RE: SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 14:40
    To repeat and address my question to EXOS guys:

    Is simultaneous usage of ACLs (=Extreme Policy) and OnePolicy Framework possible in EXOS ???



  • 5.  RE: SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 14:40


    You can run ACL and policy simultaneously on EXOS.





  • 6.  RE: SecureStack: Question regarding ACL vs. Policies

    Posted 02-23-2017 16:14
    Yes, you can run them both, but OnePolicy ACLs are dynamic ACLs and have higher precedence than a .pol ACL. So if you have the same match condition but different actions, the OnePolicy ACL's action will be used.