help with ACL

Daniel_Valera1
New Contributor II
Hi! I want to know if the following ACL can be simplified:

entry VLAN_Admin_snmp {
if {
source-address 10.170.70.0/24;
protocol udp;
destination-port 161;
} then {
permit;
}
}
entry VLAN_Admin_snmptrap {
if {
source-address 10.170.70.0/24;
protocol udp;
destination-port 162;
} then {
permit;
}
}
entry VLAN_AdminCarso_snmp {
if {
source-address 172.30.110.200/29;
protocol udp;
destination-port 161;
} then {
permit;
}
}
entry VLAN_AdminCarso_snmptrap {
if {
source-address 172.30.110.200/29;
protocol udp;
destination-port 162;
} then {
permit;
}
}
entry VLAN_AdminSERMET_snmp {
if {
source-address 10.170.95.192/28;
protocol udp;
destination-port 161;
} then {
permit;
}
}
entry VLAN_AdminSERMET_snmptrap {
if {
source-address 10.170.95.192/28;
protocol udp;
destination-port 162;
} then {
permit;
}
}
entry Block_SNMP {
if match all {
source-address 0.0.0.0/0;
protocol udp;
destination-port 161;
} then {
deny;
}
}
entry block_SNMPTRAPS {
if {
source-address 0.0.0.0/0;
protocol udp;
destination-port 162;
} then {
deny;
}
}
2 REPLIES

Kevin_Kim
Extreme Employee
I would use 'port range' in the 'destination-port' statements.

entry VLAN_Admin_snmp_trap {
if {
source-address 10.170.70.0/24;
protocol udp;
destination-port 161 - 162;
} then {
permit;
}
}
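
Added example (not part of the original thread and not Extreme's own code): a Python check that collapsing each pair of port 161/162 entries into one 'destination-port 161 - 162' entry, as suggested above, leaves the first-match decision unchanged for addresses at the edges of each admin subnet. The entry names, the one-line entry layout and the 'no-match' label are assumptions of this sketch, and the parser covers only the three match fields used in this thread.

```python
import ipaddress
import re

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if(?:\s+match\s+all)?\s*\{(.*?)\}\s*then\s*\{\s*(permit|deny)\s*;\s*\}\s*\}",
    re.S)
FIELD_RE = re.compile(r"(source-address|protocol|destination-port)\s+([^;]+);")

def parse_policy(text):
    """Return the entries in file order as (network, protocol, (lo, hi), action)."""
    rules = []
    for _name, cond, action in ENTRY_RE.findall(text):
        f = {k: v.strip() for k, v in FIELD_RE.findall(cond)}
        ports = [int(p) for p in f["destination-port"].split("-")]  # "161" or "161 - 162"
        rules.append((ipaddress.ip_network(f["source-address"]), f["protocol"],
                      (ports[0], ports[-1]), action))
    return rules

def decide(rules, src, proto, dport):
    """First matching entry wins; a packet no entry matches is reported as 'no-match'."""
    ip = ipaddress.ip_address(src)
    for net, rproto, (lo, hi), action in rules:
        if ip in net and proto == rproto and lo <= dport <= hi:
            return action
    return "no-match"

# Constructed inputs: same addresses and ports as the thread, placeholder entry names.
T = "entry {} {{ if {{ source-address {}; protocol udp; destination-port {}; }} then {{ {}; }} }}\n"
ADMIN = ["10.170.70.0/24", "172.30.110.200/29", "10.170.95.192/28"]
ORIGINAL = "".join(T.format(f"permit{i}_{p}", net, p, "permit")
                   for i, net in enumerate(ADMIN) for p in (161, 162))
ORIGINAL += "".join(T.format(f"block_{p}", "0.0.0.0/0", p, "deny") for p in (161, 162))
SIMPLIFIED = "".join(T.format(f"permit{i}", net, "161 - 162", "permit")
                     for i, net in enumerate(ADMIN))
SIMPLIFIED += T.format("block", "0.0.0.0/0", "161 - 162", "deny")

def probes():
    """Addresses just inside and just outside each admin subnet, ports around 161-162."""
    for net in map(ipaddress.ip_network, ADMIN):
        for ip in (net[0] - 1, net[0], net[-1], net[-1] + 1):
            for proto in ("udp", "tcp"):
                for dport in (160, 161, 162, 163):
                    yield str(ip), proto, dport

def differences(policy_a, policy_b):
    """Probes on which the two policies reach different decisions (empty = equivalent here)."""
    a, b = parse_policy(policy_a), parse_policy(policy_b)
    return [p for p in probes() if decide(a, *p) != decide(b, *p)]

if __name__ == "__main__":
    print("differences:", differences(ORIGINAL, SIMPLIFIED))
```

An empty list means the eight-entry and four-entry policies agree on every probe; a widened range such as '160 - 162' shows up as a non-empty list.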

Thanks Kevin... regards