SecureStack: Question regarding ACL vs. Policies

  • Question
  • Updated 2 years ago
  • Answered
Is it possible to use ACLs (on a VLAN) AND (Enterasys) policies (on ports) (different VLANs and different ports) at the same time? (with current 6.81.08)

In older 6.42. / 6.61. it was not possible to use that on the same system ...

Unfortunately there is no logging or counting option for ACLs or policies on SecureStack - is there another way to debug / troubleshoot to see if ACLs or access rules are used?

(except doing a Wireshark capture on a mirror port, or capturing a trace and running it into Policy Manager ...)

M.Nees, Embassador


Posted 2 years ago


French, Luke, Employee


Below is from the 6.81 release notes:

ACLs

Access Control Lists (ACLs) use the same hardware resources as Policy rules and cannot be used simultaneously with Policy.

I know of no way to debug the ACL.


M.Nees, Embassador

These kinds of limitations and dependencies sometimes make features unusable ... and my job not really attractive ...

Several times I need ACLs in VLAN-A and policies with NAC in VLAN-B/C/D ....

Switching over to ACLs completely is also not possible because ACLs are not sent to the switch via RADIUS attributes ....

Let's switch over to EXOS ...

BTW: Is simultaneous usage of ACLs (=Extreme Policy) and the OnePolicy Framework possible in EXOS ???

Regards

M.Nees, Embassador

To repeat and address my question to the EXOS guys:

Is simultaneous usage of ACLs (=Extreme Policy) and the OnePolicy Framework possible in EXOS ???

French, Luke, Employee


You can run ACL and policy simultaneously on EXOS.


Stephen Williams, Employee

Yes, you can run them both, but OnePolicy ACLs are dynamic ACLs and have higher precedence than a .pol ACL. So if you have the same match condition but different actions, the OnePolicy ACL's action will be used.