Solved

Help required for ACL policy

  • 15 October 2020
  • 5 replies
  • 59 views

Hi Team,

I need to create an ACL in EXOS that permits traffic if it matches source, destination and protocol, plus any port from a list of ports.

I created the policy as below, but it is giving me an error.

entry 3 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.174/32;
        protocol tcp;
    }
    if match any {
        destination-port 8080;
        destination-port 2121;
    } then {
        count test;
        permit;
    }
}

check policy Mundra.pol
Error:  Policy Mundra has syntax errors
Line 25 : Did not get expected keyword "then","if" is not valid

Please help.

Best answer by Miguel-Angel RODRIGUEZ-GARCIA 15 October 2020, 10:10

I think you’re missing the then statement for the entry 3:

entry 3 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.174/32;
        destination-port 8080;
        protocol tcp;
    } then {
        count test;
        permit;
    }
}

entry 4 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.174/32;
        destination-port 2121;
        protocol tcp;
    } then {
        count test;
        permit;
    }
}

Mig
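As an added example, not code from the thread or from Extreme Networks: a small Python checker that parses the entry { if match ... } then { ... } structure visible in this thread and reports the same kind of error EXOS did, for the posted entry 3 and for the accepted answer's two-entry version. The grammar it enforces (one condition block per entry, one action block, no nested braces) is an assumption drawn from the posted policies, not the full EXOS policy language, and the sample policies are constructed from the thread's text.

```python
import re

# Constructed sample: the question's entry 3, with two "if match" blocks and no
# "then" after the first one, which is the shape EXOS rejected.
BROKEN_POLICY = """entry 3 {
    if match all { source-address 0.0.0.0/0; destination-address 172.16.108.174/32; protocol tcp; }
    if match any { destination-port 8080; destination-port 2121; } then { count test; permit; }
}"""

# The accepted answer's shape: one condition block per entry, one port per entry.
FIXED_POLICY = """entry 3 {
    if match all { source-address 0.0.0.0/0; destination-address 172.16.108.174/32; destination-port 8080; protocol tcp; }
    then { count test; permit; }
}
entry 4 {
    if match all { source-address 0.0.0.0/0; destination-address 172.16.108.174/32; destination-port 2121; protocol tcp; }
    then { count test; permit; }
}"""

def check_policy(text):
    """Check the entry structure of an EXOS-style policy file (assumed subset grammar).
    Grammar: entry <name> { if match all|any { <stmt>; ... } then { <stmt>; ... } }
    Returns a list of 'Line N: ...' errors; an empty list means well-formed."""
    toks = [(t, n) for n, line in enumerate(text.splitlines(), 1)
            for t in re.findall(r"[{};]|[^\s{};]+", line)]
    errors, pos = [], 0

    def expect(*words):                       # consume one expected keyword or report it
        nonlocal pos
        if pos < len(toks) and toks[pos][0] in words:
            pos += 1
            return True
        got, line = toks[pos] if pos < len(toks) else ("end of file", toks[-1][1])
        errors.append(f'Line {line}: expected {"/".join(words)}, got "{got}"')
        return False

    def block():                              # '{ stmt; stmt; ... }', no nested braces
        nonlocal pos
        ok = expect("{")
        while ok and pos < len(toks) and toks[pos][0] != "}":
            while pos < len(toks) and toks[pos][0] not in ";{}":
                pos += 1                      # words of one statement
            ok = expect(";")
        return ok and expect("}")

    while pos < len(toks) and not errors and expect("entry"):
        pos += 1                              # skip the entry name
        (expect("{") and expect("if") and expect("match") and expect("all", "any")
         and block() and expect("then") and block() and expect("}"))
    return errors
```

Running it on BROKEN_POLICY points at the second `if` where `then` was required, the same place the switch's `check policy` output flagged; FIXED_POLICY passes cleanly.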

5 replies

ddpatil,

The error mentions line 25, and your entry is #3.

Could you share the full policy file?

Mig

vi Mundra.pol

entry 1 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.10/32;
    } then {
        count test;
        deny;
    }
}
entry 2 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.141/32;
    } then {
        count test;
        deny;
    }
}
entry 3 {
    if match all {
        source-address 0.0.0.0/0;
        destination-address 172.16.108.174/32;
        protocol tcp;
    }
    if match any {                  <-- error belongs to this line
        destination-port 8080;
        destination-port 2121;
    } then {
        count test;
        permit;
    }
}

Thanks for the help. It resolved my issue.

You’re welcome,

Please mark the topic as solved

Mig