
ACL definition protocols/ports

Hi, is it possible to configure more than one protocol on the same line definition?
I tried "protocol tcp,udp" but it doesn't work.

When specifying a port, is it possible to add more than one on the same line?
I tried:

destination-port 88; -> specify port 88
destination-port 88 - 90; -> specifies ports 88,89,90

Is it possible to have an ACL policy file with e.g. protocol and port definitions, to be used later by more than one policy?


4 replies

Userlevel 7
ACLs have a "match all" rule, i.e. a logical AND. For this reason you cannot have several protocol definitions, because no packet could match them all. A packet cannot be UDP and TCP at the same time, for example. A range of ports is supported; you have it right. The "match any" that you can find is for Routing Policies only.

If I want to specify a port list but the ports are not in a range, is it possible?
E.g. I want to allow AD authentication, which has different ports that are not in a range. Can I list them in some way?

I tried without success:

destination-port 88,389;
Userlevel 6
Hello agd

The only way to specify more than one port is to have multiple entries in the same policy file. For example you can have one entry that looks at source IP address and destination-port 88 and then entry #2 with the same source IP and destination port 389.

That would accomplish any packet that matches either scenario.

Let me know if that helps
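
The multiple-entry approach from the reply above, as an added example that is not part of the original thread: a Python helper that writes one ACL entry per protocol and port (or consecutive port range), since the conditions inside a single entry are ANDed. The entry names, the 10.0.0.0/24 source subnet and the tcp/udp pairing for ports 88 and 389 are constructed assumptions, and the entry layout assumes the usual ExtremeXOS policy-file form.

```python
# Added example: expand protocol/port lists into one ACL entry per combination.
# Source subnet, entry names and the port set are constructed sample values.

def port_runs(ports):
    """Collapse a collection of ports into (low, high) runs of consecutive numbers."""
    runs = []
    for p in sorted(set(ports)):
        if not 0 < p < 65536:
            raise ValueError(f"invalid port: {p}")
        if runs and p == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], p)   # extend the current run
        else:
            runs.append((p, p))           # start a new run
    return runs


def build_policy(prefix, source, protocols, ports, action="permit"):
    """Return policy-file text with one entry per (protocol, port run)."""
    entries = []
    for proto in protocols:
        for low, high in port_runs(ports):
            # Range form "88 - 90" is the syntax shown in the thread.
            single = low == high
            port = str(low) if single else f"{low} - {high}"
            suffix = str(low) if single else f"{low}_{high}"
            entries.append(
                f"entry {prefix}_{proto}_{suffix} {{\n"
                f"    if match all {{\n"
                f"        source-address {source};\n"
                f"        protocol {proto};\n"
                f"        destination-port {port};\n"
                f"    }} then {{\n"
                f"        {action};\n"
                f"    }}\n"
                f"}}\n"
            )
    return "\n".join(entries)


if __name__ == "__main__":
    # Non-contiguous ports from the thread, each crossed with tcp and udp.
    print(build_policy("ad_auth", "10.0.0.0/24", ["tcp", "udp"], [88, 389]))
```

Each generated entry carries exactly one protocol and one port or range, so a packet only has to match one entry rather than an impossible combination within a single entry.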

Great! Very clear.

Is it possible to have a definition of ports in a file and then reference it from another policy file?