cancel
Showing results for 
Search instead for 
Did you mean: 

Layer-2 Protocol Tunneling ACL on X670V

Layer-2 Protocol Tunneling ACL on X670V

AlexanderT
New Contributor
ExOS is summitX-15.3.1.4-patch1-31

Examples are from ACL Solutions Guide

What is wrong with this ACLs ?

* sw2.g50.kv.38 # edit policy l2pt-cdp-inentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c??cc:cc ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c?cd:d0 ;
count cdp_ingress ;
}
}

* sw2.g50.kv.39 # edit policy l2pt-cdp-outentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c?cd:d0 ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c??cc:cc ;
count cdp_egress ;
}
}

* sw2.g50.kv.40 # conf access-list l2pt-cdp-in ports 5 ingress
Error: ACL install operation failed - vlan *, port 5, rule "cdp_pdu" Invalid parameter (user-defined field (UDF))
* sw2.g50.kv.41 # conf access-list l2pt-cdp-out ports 5 egress

Error: ACL install operation failed - conditions specified in rule "cdp_pdu" cannot be satisfied by hardware on vlan *, port 5
* sw2.g50.kv.42 #
6 REPLIES 6

AlexanderT
New Contributor
So, Is there a chance to transport a PDUs on ExOS 15.3 at x670v switch ?

Upgrade is not suitable.

Dorian_Perry
Extreme Employee
Hi Pavel,

At this point it may be time to contact GTAC. The problem appears to be with the action "replace-ethernet-destination-address" as the ACL does not cause an error when this action is removed.

Another option to consider is an EXOS upgrade to the recommended version for the X670 to use Layer 2 Protocol Tunneling.
Read about L2PT (Starting on page 2333)
http://extrcdn.extremenetworks.com/wp-content/uploads/2015/01/ExtremeXOS_15_5_User-Guide.pdf

AlexanderT
New Contributor
System Type: X670V-48x

BrandonC
Extreme Employee
Hi Pavel,

What model of switch is this?

-Brandon
GTM-P2G8KFN