How do I configure an access list to allow only one IP through ingress port?

Anonymous
Not applicable
entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
else {
deny ;
}
}

I am getting an error:

Error: ACL install operation failed - conflicting actions

And where is "Extreme Networks Policy Manager"? I can't find it on extremenetworks.com.

12 REPLIES 12

Prashanth_KG
Extreme Employee
Hi Ashish,

I agree with the discussion above. We need to add separate entries to permit or deny the rest of the traffic. The rule1 above only matches the source IP address. So, the ARP packets could be dropped. If this is the only IP address that you would like to allow, the following ACL could be considered.

entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
}

entry iprule2 {
if {
arp-sender-address 10.1.2.246/32;
}
then {
permit;
}
}

entry iprule3 {
if {
}
then {
deny;
}
}

If you want to allow ARP packets in general, the rule2 could be modified as below:

entry iprule2 {
if {
ethernet-type 0x0806;
}
then {
permit;
}
}

Hope this helps!

Anonymous
Not applicable
This solution works perfectly!!!!!

Thank you Mr. Prashanth and everyone for your guidance 🙂

Patrick_Voss
Extreme Employee
Hi Ashish,

What AlexandrP said is correct except there should be another entry in there above the second if. Like so:

entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
}

entry iprule2 {
if {
}
then {
deny;
}
}

Just in case this helps, here is an article written for ACLs:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS

You can place multiple entries in one policy but it will only trigger on one of them. This means that the order is important because it goes from top to bottom.

Alexandr_P
Valued Contributor
Hi, Ashish!

I think this will be better:
entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
if {
}
then {
deny ;
}
}

Thank you!
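
Added example (not from any poster and not EXOS code): a simplified first-match model in Python comparing the two-entry policy from Patrick_Voss's reply with the three-entry policies from Prashanth_KG's reply. It assumes, as Prashanth_KG's reply describes, that source-address matches only IP packets; the packet dictionaries and function names are constructed for illustration.

```python
# Simplified model of top-to-bottom, first-match policy evaluation.
# Assumption (from the thread): source-address never matches an ARP frame.
import ipaddress

ETH_IP, ETH_ARP = 0x0800, 0x0806
# match condition -> (ethertype it applies to, packet field holding the address)
ADDR_CONDS = {"source-address": (ETH_IP, "src_ip"),
              "arp-sender-address": (ETH_ARP, "arp_sender")}

def matches(cond, pkt):
    """True if every condition in the if-block holds; an empty block matches all."""
    for key, want in cond.items():
        if key in ADDR_CONDS:
            ethertype, field = ADDR_CONDS[key]
            if pkt["ethertype"] != ethertype:
                return False
            if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(want):
                return False
        elif key == "ethernet-type":
            if pkt["ethertype"] != want:
                return False
        else:
            raise ValueError(f"unsupported match condition: {key}")
    return True

def evaluate(policy, pkt):
    """Return (entry name, action) of the first entry that matches."""
    for name, cond, action in policy:
        if matches(cond, pkt):
            return name, action
    return None, "no-match"  # behaviour without a catch-all is outside this model

HOST = "10.1.2.246/32"
two_entry = [("iprule1", {"source-address": HOST}, "permit"),
             ("iprule2", {}, "deny")]
three_entry = [("iprule1", {"source-address": HOST}, "permit"),
               ("iprule2", {"arp-sender-address": HOST}, "permit"),
               ("iprule3", {}, "deny")]
any_arp = [three_entry[0],
           ("iprule2", {"ethernet-type": ETH_ARP}, "permit"),
           three_entry[2]]

# Constructed sample packets
ip_ok = {"ethertype": ETH_IP, "src_ip": "10.1.2.246"}
ip_other = {"ethertype": ETH_IP, "src_ip": "10.1.2.50"}
arp_ok = {"ethertype": ETH_ARP, "arp_sender": "10.1.2.246"}
arp_other = {"ethertype": ETH_ARP, "arp_sender": "10.1.2.50"}

if __name__ == "__main__":
    for label, pol in (("two-entry", two_entry), ("three-entry", three_entry), ("any-ARP", any_arp)):
        for pkt in (ip_ok, ip_other, arp_ok, arp_other):
            print(label, pkt, "->", evaluate(pol, pkt))
```

In this model the two-entry policy denies the allowed host's own ARP frames, and the ethernet-type variant permits ARP from every sender, including hosts whose IP traffic is denied.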