ACL policy to restrict telnet is not working as desired


I'm new to Extreme switches. I have configured the following ACL policy to allow only the networks listed in the policy to connect by telnet to the switch (model X480-24X, running ExtremeXOS version 15.6.4.2); however, only the host with IP address 200.20.76.42 can connect, the others are being rejected.
Has anyone ever faced this problem?

entry AllowTheseSubnets {
    if match any {
        source-address 200.20.76.42/32;
        source-address 187.111.111.5/32;
        source-address 200.20.66.176/27;
    }
    then {
        permit;
    }
}

Thanks in advance

6 replies

Make one entry per source address.

entry AllowTheseSubnets1 {
    if match any {
        source-address 200.20.76.42/32;
    }
    then {
        permit;
    }
}

entry AllowTheseSubnets2 {
    if match any {
        source-address 187.111.111.5/32;
    }
    then {
        permit;
    }
}

entry AllowTheseSubnets3 {
    if match any {
        source-address 200.20.66.176/27;
    }
    then {
        permit;
    }
}

The policy I use without issue is similar to:

Switch1.4 # sh policy telnet
Policies at Policy Server:
Policy: telnet
entry telnet {
    if match any {
        source-address 12.34.56.78/32 ;
        source-address 12.34.56.79/32 ;
        source-address 12.34.56.80/32 ;
        source-address 12.34.56.81/32 ;
        source-address 12.34.56.82/32 ;
        source-address 12.34.54.0/24 ;
        source-address 12.34.55.0/24 ;
    }
    then {
        permit ;
    }
}
Hi Stephen,

First of all thanks for your attention,

I have configured the ACL as you suggested; even so, it's not working. Below you can see the log message saying the connection has been rejected.

SW-IPLAN.5 # show log
05/03/2018 15:21:28.59 Telnet connection from source 187.111.111.5 has been denied by access-list IplanAcesso. Rejecting connection.

Thanks!

Did you refresh the policy?
I hadn't done that! To be honest I had no idea this command was required when you change an ACL. After issuing the refresh command the ACL worked fine!

As I said, I am new to Extreme switches.

Thanks!

Francisco Leitão wrote:

I hadn't done that! To be honest I had no idea this command was required when you change an ACL. After issuing the refresh command the ACL worked fine!

As I said, I am new to Extreme switches.

Thanks!

No problem, we are here to help. Welcome by the way.

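The three points this thread turns on (one entry with several source-address lines behaves the same as one entry per address, a source that matches no entry is denied, and an edited policy file does nothing until it is reloaded) can be checked offline with a small model. The script below is an added example written for this page; it is not ExtremeXOS code and does not reproduce the switch's own parser. The policy texts are copied from the thread; the single-host "first draft" is a constructed stand-in for whatever was loaded on the switch before the later edits, and the log line format is constructed to resemble the denial message quoted above.

```python
"""Toy evaluator for ExtremeXOS-style telnet access policies (added example, not EXOS code)."""
import ipaddress
import re

# Copied from the thread: one entry listing all three sources.
ONE_ENTRY = """
entry AllowTheseSubnets {
    if match any {
        source-address 200.20.76.42/32;
        source-address 187.111.111.5/32;
        source-address 200.20.66.176/27;
    }
    then {
        permit;
    }
}
"""

# Copied from the thread: the same sources, one entry per address.
ONE_ENTRY_PER_ADDRESS = """
entry AllowTheseSubnets1 { if match any { source-address 200.20.76.42/32; } then { permit; } }
entry AllowTheseSubnets2 { if match any { source-address 187.111.111.5/32; } then { permit; } }
entry AllowTheseSubnets3 { if match any { source-address 200.20.66.176/27; } then { permit; } }
"""

# Constructed: a first draft that only listed one host, standing in for
# whatever policy was actually loaded on the switch before the later edits.
FIRST_DRAFT = """
entry AllowTheseSubnets { if match any { source-address 200.20.76.42/32; } then { permit; } }
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s+match\s+(any|all)\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}",
    re.IGNORECASE | re.DOTALL,
)
SRC_RE = re.compile(r"source-address\s+([\d.]+)\s*/\s*(\d+)", re.IGNORECASE)


def parse_policy(text):
    """Return [(entry_name, 'any'|'all', [networks], 'permit'|'deny')] in file order."""
    entries = []
    for name, mode, conds, actions in ENTRY_RE.findall(text):
        # strict=False masks the host bits: 200.20.66.176/27 is treated as
        # 200.20.66.160/27 (hosts .160-.191). Check on the switch itself how it
        # displays a prefix written with host bits set.
        nets = [ipaddress.ip_network(f"{a}/{p}", strict=False) for a, p in SRC_RE.findall(conds)]
        action = "permit" if re.search(r"\bpermit\b", actions, re.IGNORECASE) else "deny"
        entries.append((name, mode.lower(), nets, action))
    return entries


def evaluate(entries, source):
    """First matching entry wins; a source that matches no entry is denied."""
    ip = ipaddress.ip_address(source)
    for name, mode, nets, action in entries:
        hits = [ip in net for net in nets]
        if nets and (any(hits) if mode == "any" else all(hits)):
            return action, name
    return "deny", None


class TelnetAccessProfile:
    """Models the switch: the file can be edited freely, but the policy that
    screens connections is the copy loaded at the last refresh."""

    def __init__(self, name, policy_text):
        self.name = name
        self.file_text = policy_text
        self.running = parse_policy(policy_text)

    def edit(self, new_text):
        """Like editing the .pol file: changes the file only."""
        self.file_text = new_text

    def refresh(self):
        """Like 'refresh policy <name>': reload the running copy from the file."""
        self.running = parse_policy(self.file_text)

    def connection_allowed(self, source):
        action, _ = evaluate(self.running, source)
        return action == "permit"

    def log_line(self, source):
        """Constructed to resemble the denial message quoted in the thread."""
        if self.connection_allowed(source):
            return f"Telnet connection from source {source} accepted by access-list {self.name}."
        return (f"Telnet connection from source {source} has been denied by "
                f"access-list {self.name}. Rejecting connection.")


def demo():
    """Walk through the thread's scenario and return the results for checking."""
    hosts = ["200.20.76.42", "187.111.111.5", "200.20.66.180", "200.20.66.200", "10.0.0.1"]
    one, split = parse_policy(ONE_ENTRY), parse_policy(ONE_ENTRY_PER_ADDRESS)
    same = all(evaluate(one, h)[0] == evaluate(split, h)[0] for h in hosts)
    sw = TelnetAccessProfile("IplanAcesso", FIRST_DRAFT)
    sw.edit(ONE_ENTRY)  # file updated but not refreshed: 187.111.111.5 is still denied
    before = sw.connection_allowed("187.111.111.5")
    sw.refresh()        # now the running policy matches the file
    after = sw.connection_allowed("187.111.111.5")
    return {"forms_equivalent": same, "before_refresh": before, "after_refresh": after,
            "outside_27": sw.connection_allowed("200.20.66.200")}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On the switch, the corresponding steps are to edit the policy file, validate it with `check policy <name>`, load it with `refresh policy <name>`, and bind it with `configure telnet access-profile <name>`; `show policy <name>` then shows what is actually loaded, which is the copy the log message refers to.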