Create ACL

EtherNation_Use
Contributor II
Create Date: Mar 11 2013 7:43PM

How do I create an ACL to limit access on a port to a predefined list of IPs?

Thanks (from Vince_MacNeil)
7 REPLIES 7

EtherNation_Use
Contributor II
Create Date: Mar 12 2013 10:21PM

Screenplay is free. All you need to do is run the command "enable web http" in the switch and then in your internet browser type the IP address of the switch. It will take you to the GUI of the switch. (from ethernet)

EtherNation_Use
Contributor II
Create Date: Mar 12 2013 1:51PM

Policy Manager (wizard tool) is free. Not sure about Screenplay, never worked with that. (from Ansley_Barnes)

EtherNation_Use
Contributor II
Create Date: Mar 12 2013 1:46PM

Have you heard of XOS Screen Play? I found some info on Extreme's site. It is a GUI-based config tool. I'm not sure if it's free. Is the policy wizard a free tool?

Thanks (from Vince_MacNeil)

EtherNation_Use
Contributor II
Create Date: Mar 12 2013 1:37PM

If you have more than one IP to allow, the standard policy ACLs are probably cleaner and easier to maintain. They're not difficult to set up. I use the command line editor via SSH to do my policy file editing (it's a built-in version of vi).

1. edit policy ip-restriction
2. hit "i" to enter interactive mode, then paste the rule
3. hit esc, then type ZZ to save and quit the editor (like I said, it's vi, so editor commands are the same)
3a. [Optional, but recommended] check policy ip-restriction
4. configure access-list ip-restriction ports 1:5

Done. You can type "ls" into the main CLI to see all the policy files you have saved on the switch (it's a stripped-down, BusyBox-type Linux shell). You can also transfer files to the switch via TFTP or SFTP if you're more comfortable with that. I'm sure Ridgeline has something similar as well, and it's free for up to 10 switches, I just don't currently use it. Extreme Networks Policy Manager has a great wizard interface for constructing, editing, and exploring policy files, and can save them to a switch via TFTP when they're done. It's pretty simple, just a different workflow from Cisco/Juniper.

I'm not aware of a place to find many examples of these ACLs, but they're fairly straightforward. If you need a quick reference on what attributes you can match in a policy file, you can, from the CLI, type:

check policy attribute

then hit Tab for a complete list. Type in any of the attributes to get a description. (from Ansley_Barnes)
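
The reply above says to "paste the rule" but the thread does not show one. As an added example (not part of the thread and not Extreme's code), this Python helper builds the text of an `ip-restriction` policy file from an allow list. The `entry { if { source-address ...; } then { permit; } }` layout is the ExtremeXOS policy-file syntax as assumed here; the entry names and sample addresses are constructed.

```python
import ipaddress

def build_policy(allowed):
    """Return ExtremeXOS policy-file text that permits only the listed IPv4 sources."""
    if not allowed:
        # An empty list would produce a deny-everything policy; refuse instead.
        raise ValueError("allow list is empty")
    # IPv4Network is strict by default: "10.0.0.5/24" (host bits set) and
    # malformed strings raise ValueError rather than being silently widened.
    nets = [ipaddress.IPv4Network(item.strip()) for item in allowed]
    # Drop duplicates and merge adjacent/overlapping ranges into fewer rules.
    nets = list(ipaddress.collapse_addresses(nets))
    entries = []
    for i, net in enumerate(nets, start=1):
        entries.append(
            f"entry allow_{i} {{\n"
            f"    if {{\n"
            f"        source-address {net};\n"
            f"    }} then {{\n"
            f"        permit;\n"
            f"    }}\n"
            f"}}\n"
        )
    # Assumption: traffic matching no entry is permitted by default, so the
    # allow list only restricts anything if an explicit deny comes last.
    entries.append(
        "entry deny_rest {\n"
        "    if {\n"
        "        source-address 0.0.0.0/0;\n"
        "    } then {\n"
        "        deny;\n"
        "    }\n"
        "}\n"
    )
    return "".join(entries)

if __name__ == "__main__":
    # Constructed sample allow list (one duplicate, two adjacent hosts).
    sample = ["10.0.0.4", "10.0.0.5", "192.168.10.0/24", "10.0.0.5"]
    print(build_policy(sample), end="")
```

Paste the output into the editor at step 2, or transfer it as a file, and run `check policy ip-restriction` before applying it with `configure access-list`.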