cancel
Showing results for 
Search instead for 
Did you mean: 

EXOS ACL, Explict, Match, Dynamic, Policy

EXOS ACL, Explict, Match, Dynamic, Policy

Anonymous
Not applicable
Have some specific questions about EXOS ACL's I am hoping someone can help with:

  1. Dynamic and Policy ACL's - do these have a Explicit Deny or Permit at the end of each. I know I can create either / or but not sure what the default process is and if its the same for each type?
  2. If I create a Policy ACL with just an 'if' statement and NO match condition, i.e. 'match all', would it still match all elements in the statement like Source Address, Protocol and Port Number?
  3. Whats the main difference and reasons for creating ACL's as a policy than Dynamic and visa versa, here's some that I can think of:
  • Policy ACL you can edit the rule, i.e. if you wanted to add a count to a rule as opposed to a Dynamic ACL you would have to remove the ACL and re-add it amended.
  • Dynamic ACL's help if you are used to writing them directly in the command line.
  • Dynamic ACL's you can re-use rules per individual rule.
  • Policy ACL's you can apply many rules at once with a single command.
Thanks in advance.

8 REPLIES 8

Bill_Stritzinge
Extreme Employee
Here is a link to the guide for anyone else following the thread: http://extrcdn.extremenetworks.com/wp-content/uploads/2014/10/ACL_Solutions_Guide.pdf

Seems that ACL based matching on XOS 15.6 doesn’t support matching of the inner dot1p/q tag. Is there a newer software that support it?

Anonymous
Not applicable
Many thanks for taking the time reply, now all understood.

Stephane_Grosj1
Extreme Employee
Also, don't confuse ACL with Policies (Routing Policies). They share the same syntax pre-processor, but behave slightly differently, while Routing Policies do have a "match any" that is not available to ACL.
GTM-P2G8KFN