Dynamic ACL Application

Freiu
New Contributor
Hello,
I am working with dynamic ACLs and I have multiple ACLs for applications like RDP, HTTP and HTTPS. Is there any way I can reduce the number of lines in the following ACLs, or can I specify multiple port numbers in one line, so I can reduce my configuration?
create access-list HTTP-IN "source-address 10.10.10.0/24;protocol tcp;destination-port 80" "count HTTP;permit"
create access-list HTTPS-IN "source-address 10.10.10.0/24;protocol tcp;destination-port 443" "count HTTPS;permit"
create access-list SSH-IN "source-address 10.10.10.0/24;protocol tcp;destination-port 22" "count SSH;permit"

configure access-list add HTTP-IN first vlan "V67_Server" ingress
configure access-list add HTTPS-IN last vlan "V67_Server" ingress
configure access-list add SSH-IN last vlan "V67_Server" ingress

Freiu
New Contributor
Paul, Thanks for your help!!

Paul_Russo
Extreme Employee
Hello Freiu

I am sorry but I do not believe you can do multiple port values on the same line for example destination-port 80;22;443.

The way the ACL works, everything in the "if" part of the statement (the conditions) is either match all or match any, so think of it as everything is "and" or "or". In this case the packet would have to have all three port values. If it is an "or" you could do destination-port 23; destination-port 443; destination-port 80. The ACL will do an "or" on each statement. In this case you wouldn't be able to do subnet 10.10.10.0 and destination-port or destination-port.

So there is no option for having an "and" and "or" statement in the same ACL.

I hope this is clear

P
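
As an added illustration (not from the thread and not Extreme's code), a small Python model of the behaviour Paul describes: every clause in a dynamic ACL match string is ANDed, so repeating destination-port with different values can never match, and the workaround is one ACL per port. The match-string parser, the packet dictionaries and the generator are assumptions of this model, not ExtremeXOS behaviour verified beyond what the thread states.

```python
import ipaddress

# Constructed model of the semantics described in the thread: each ";"-separated
# clause in a dynamic ACL match string must be true for the packet to match (AND).

def parse_match(match):
    """Split 'source-address 10.10.10.0/24;protocol tcp;destination-port 80' into (key, value) pairs."""
    clauses = []
    for clause in match.split(";"):
        key, _, value = clause.strip().partition(" ")
        clauses.append((key, value.strip()))
    return clauses

def clause_matches(key, value, pkt):
    """Evaluate one clause against a constructed packet dict {src, proto, dport, sport}."""
    if key == "source-address":
        return ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(value, strict=False)
    if key == "protocol":
        return pkt["proto"] == value
    if key == "destination-port":
        return pkt["dport"] == int(value)
    if key == "source-port":
        return pkt["sport"] == int(value)
    raise ValueError(f"unsupported clause in this model: {key}")

def acl_matches(match, pkt):
    """AND of all clauses, as the thread explains."""
    return all(clause_matches(k, v, pkt) for k, v in parse_match(match))

def acl_can_match(match):
    """Static check: the same key with two different values (e.g. two destination-ports) is dead."""
    seen = {}
    for k, v in parse_match(match):
        if k in seen and seen[k] != v:
            return False
        seen[k] = v
    return True

def per_port_acls(src, services, vlan):
    """Generate one dynamic ACL per service (the only workable layout), first added 'first', rest 'last'."""
    lines = []
    for name, port in services:
        lines.append(f'create access-list {name}-IN "source-address {src};protocol tcp;'
                     f'destination-port {port}" "count {name};permit"')
    for i, (name, _) in enumerate(services):
        pos = "first" if i == 0 else "last"
        lines.append(f'configure access-list add {name}-IN {pos} vlan "{vlan}" ingress')
    return lines
```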

Hey Freiu

No, I don't believe source-zones and destination-zones are supported in dynamic ACLs.

When I try and execute a dynamic ACL with a zone it errors out.

P

Hi Paul,
are Network Zones supported in Dynamic ACLs?

create access-list TestCompressedout "destination-zone zone1;source-port 80" "count HTTP;permit"