Can anyone please assist me with access lists? Show me how to create an access list using CLI commands on EXOS.


Userlevel 1
Access list

Userlevel 6
Here is an article that explains how to create and apply an ACL:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
Userlevel 6
Hello Sivyile

In XoS there are dynamic ACLs that you can execute on the CLI and are usually in use until the switch is rebooted. A permanent ACL is done using a policy file. This file can be created using the CLI using the built-in VI editor.

I am assuming you need the permanent version. What I would recommend is to create the file using Notepad on the computer and then transfer it to the switch using FTP or the newer web management of the switch (21.x).

The best way to do this initially is to go into the concepts guide, copy the example that is in there, paste it into Notepad, and then manipulate it.

If there is something specific you need to do with the ACL, let us know and we can create it for you, but we need the data.

Thanks
P
Sivuyile,

The article below shows how to create an access list in the EXOS CLI:

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
Userlevel 6
Hi Sivuyile, please see the Articles below:

How to create and apply an ACL in EXOS

Another option (CLI instead of Policy file) is using Dynamic ACL. You can see an example in the User Guide in the link below:

http://documentation.extremenetworks.com/exos/exos_21_1/acl/t_create-the-dynamic-acl-rule.shtml
Userlevel 1
Thanks guys, let me look at the link and see what I'm going to come up with.
Userlevel 2
Here's our ACL Solutions Guide. It is a bit outdated but may provide the information you are looking for:

http://documentation.extremenetworks.com/PDFs/EXOS/ACL_Solutions_Guide.pdf
Userlevel 1
Hi

My problem now is that in VI I am unable to save my access list and go back to the command line. I have tried to use :w to save and :wq to write and quit; it seems both commands are not working. Can someone please help me?

I'm not too sure if I'm allowed to paste what I was doing here?

Thanks
Userlevel 6
Have you exited insert mode? If there is a capital "I" in the bottom left, you're in insert mode.
Press:
  1. esc
  2. :
  3. wq
  4. enter
Userlevel 1
Stephen Williams wrote:

Have you exited insert mode? If there is a capital "I" in the bottom left, you're in insert mode.
Press:

  1. esc
  2. :
  3. wq
  4. enter

Hi Stephen

I have tried esc to escape; it is not working. I tried :q!, which is not working, and :wq, in small and capital letters; it keeps going down.

To escape I have to switch off the switch or take out the console.

Can I please show you my running command?

Thanks
Userlevel 6
Sure. What version of EXOS are you running? I like Paul's idea with 21.1 with the new web editor.
Userlevel 6
If you are able to exit from "insert mode", you can try some alternatives as follows:
  1. esc
  2. :x
  3. enter
or
  1. esc
  2. ZZ
Userlevel 1
Thanks, ZZ works.
Userlevel 6
Great! 🙂

Maybe ":" is not being recognized for some reason.
Userlevel 1
Thanks, I can go back to the command line now when I type ZZ, but now my configuration looks like it has not been saved.

When I want to use my file, it's not found.
Userlevel 1
Core-Switch.30 # show version

Image : ExtremeXOS version 21.1.1.4 21.1.1.4-patch1-2 by release-manager on Fri Apr 15 12:41:44 EDT 2016
BootROM : 1.0.1.7
Diagnostics : 5.3
Userlevel 1
Please see results

Core-Switch.31 # vi packetcounter.pol
entry packecounter {
if match all {
source-address 192.168.31.122/32;
destination-address 192.168.32.41./32;
} then {
count test ;
permit ;
}
}
:w
:wq
:q!






~
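A pre-transfer check for a policy file written on a workstation, as suggested earlier in the thread; this is an added example, not part of the original posts and not an Extreme Networks tool. The `lint_policy` function and the sample text are constructed here, and the check covers only the entry layout and the two address match conditions that appear in this thread.

```python
import ipaddress
import re

# Constructed sample: the vi buffer as posted in the thread, including the
# ex commands that were typed into the text while still in insert mode.
SAMPLE_POLICY = """\
entry packecounter {
if match all {
source-address 192.168.31.122/32;
destination-address 192.168.32.41./32;
} then {
count test ;
permit ;
}
}
:w
:wq
:q!
"""

# One "entry <name> { if [match all|any] { ... } then { ... } }" block.
ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if(?:\s+match\s+(?:all|any))?\s*\{(.*?)\}"
    r"\s*then\s*\{(.*?)\}\s*\}",
    re.DOTALL,
)
ADDRESS_KEYS = {"source-address", "destination-address"}

def lint_policy(text):
    """Return (location, problem) tuples for one policy file's text."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(":"):
            problems.append((f"line {number}", f"stray vi command: {line.strip()}"))
    if text.count("{") != text.count("}"):
        problems.append(("file", "unbalanced braces"))
    entries = ENTRY_RE.findall(text)
    if not entries:
        problems.append(("file", "no complete entry block found"))
    for name, match_block, _actions in entries:
        for statement in match_block.split(";"):
            words = statement.split()
            if not words or words[0] not in ADDRESS_KEYS:
                continue
            try:
                ipaddress.ip_network(words[1], strict=False)
            except (IndexError, ValueError):
                problems.append((name, f"bad {words[0]}: {' '.join(words[1:])}"))
    return problems
```

Calling `lint_policy(SAMPLE_POLICY)` reports the three ex-command lines and the address that does not parse as a network; an empty list means none of these checks fired.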
Userlevel 1
Siva wrote:

Please see results

Core-Switch.31 # vi packetcounter.pol
entry packecounter {
if match all {
source-address 192.168.31.122/32;
destination-address 192.168.32.41./32;
} then {
count test ;
permit ;
}
}
:w
:wq
:q!






~

When I use :wq or :q! and press enter, it takes me to the next line.
Userlevel 6
When you get into VI you have to press "i" to type. After the entry is finished press escape. This should put the cursor at the bottom blinking. Type in :wq then enter.
Userlevel 6
I think you're not getting out of insert mode. Make sure the "I" changed to a "-" before you do :wq.
Userlevel 6
Try to press "esc" many times and then ":wq".

Are you using console or telnet access? I'm wondering if that could be something with the terminal emulator. If you are using console access, try via telnet.
Userlevel 1
I'm using console. Okay, let me add the switch to the network so that I can use telnet ...
Userlevel 6
What emulator are you using? Is it set to VT100?