How to apply an ACL to a range of source IP addresses or destination IP addresses

  • Question
  • Updated 5 months ago
  • Answered
I have one requirement regarding Extreme XOS policy. Please suggest a solution for the scenario below.


  • source 192.168.1.1-192.168.1.10 (range of ip addresses)

  • destination 192.168.0.1/32
  • permit


  • source 192.168.1.11-192.168.1.20 (range of ip addresses)
  • destination 192.168.0.2/32
  • permit


  • source 192.168.1.0/24
  • destination 192.168.0.0/24
  • deny


Extreme XOS version is 16.1.3.6 and the switch model is X670G2-48x-4q (Stack)
Amjith


Posted 5 months ago


André Herkenrath, Employee

Hi,

can you change the range of source addresses?

e.g.

192.168.1.0 - 15 for the first server

and

192.168.1.15 - 31 for the second server?


then it looks this way:


entry first_server {
  if {
      source-address 192.168.1.0/28;
      destination-address 192.168.0.1/32;
  } then {
      permit;
  }
}

entry second_server {
  if {
      source-address 192.168.1.16/28;
      destination-address 192.168.0.2/32;
  } then {
      permit;
  }
}

entry deny_zero_net {
  if {
      source-address 192.168.1.0/24;
      destination-address 192.168.0.0/24;
  } then {
      deny;
  }
}


Cheers

André
Amjith

Thanks for your reply,
I know this type of subnet-based ACL; I have already used that on my switch.
My requirement is an ACL based on a specific IP range, not on a subnet...
Is there any solution like that?

-Amjith
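
Added example, not part of the original thread: an arbitrary address range can be covered exactly by a short list of CIDR blocks, so each range rule from the question can be written as several entries in the policy syntax shown in the answer above, with the permit entries kept ahead of the deny entry as in that answer. The helper names and the `_1`, `_2` entry-name suffixes are assumptions of this sketch, which uses Python's standard `ipaddress` module.

```python
import ipaddress

# Rules from the question: (entry name, source range or CIDR, destination, action).
RULES = [
    ("first_server", "192.168.1.1-192.168.1.10", "192.168.0.1/32", "permit"),
    ("second_server", "192.168.1.11-192.168.1.20", "192.168.0.2/32", "permit"),
    ("deny_zero_net", "192.168.1.0/24", "192.168.0.0/24", "deny"),
]


def range_to_cidrs(spec):
    """Return the minimal list of CIDR blocks covering exactly `spec`.

    `spec` is either "first-last" (inclusive range) or a single CIDR block.
    """
    if "-" not in spec:
        return [ipaddress.ip_network(spec, strict=True)]
    first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
    if first > last:
        raise ValueError(f"range start is above range end: {spec}")
    return list(ipaddress.summarize_address_range(first, last))


def render_policy(rules):
    """Render policy entries, one per CIDR block, preserving rule order."""
    entries = []
    for name, src, dst, action in rules:
        blocks = range_to_cidrs(src)
        for i, block in enumerate(blocks, 1):
            # Suffix the name only when a range needs more than one entry.
            entry_name = name if len(blocks) == 1 else f"{name}_{i}"
            entries.append(
                f"entry {entry_name} {{\n"
                f"  if {{\n"
                f"      source-address {block};\n"
                f"      destination-address {dst};\n"
                f"  }} then {{\n"
                f"      {action};\n"
                f"  }}\n"
                f"}}\n"
            )
    return "\n".join(entries)


if __name__ == "__main__":
    print(render_policy(RULES))
```

The first range expands to five entries (/32, /31, /30, /31, /32) and the second to four, so the whole policy has ten entries and matches only the addresses asked for.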