How to apply an ACL to a range of source IP addresses or destination IP addresses


I have one requirement regarding Extreme XOS policy. Please suggest a solution for the scenario mentioned below.

    source 192.168.1.1-192.168.1.10 (range of ip addresses) destination 192.168.0.1/32 permit
    source 192.168.1.11-192.168.1.20 (range of ip addresses) destination 192.168.0.2/32 permit
    source 192.168.1.0/24 destination 192.168.0.0/24 deny




Extreme XOS version is 16.1.3.6 and the switch model is X670G2-48x-4q (Stack)

2 replies

Hi,

Can you change the range of source addresses?

e.g.

192.168.1.0 - 15 for the first server

and

192.168.1.15 - 31 for the second server?

Then it looks this way:

    entry first_server {
        if {
            source-address 192.168.1.0/28;
            destination-address 192.168.0.1/32;
        } then {
            permit;
        }
    }

    entry second_server {
        if {
            source-address 192.168.1.16/28;
            destination-address 192.168.0.2/32;
        } then {
            permit;
        }
    }

    entry deny_zero_net {
        if {
            source-address 192.168.1.0/24;
            destination-address 192.168.0.0/24;
        } then {
            deny;
        }
    }

Cheers

André

Thanks for your reply,
I know this type of subnet-based ACL, which I already used in my switch.
My requirement is a specific IP-range-based ACL, not a subnet-based one...
Is there any solution like that?

-Amjith
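
Added example, not part of the thread and not Extreme's own tooling: the policy syntax shown in the first reply matches on prefixes, so one way to keep the exact ranges from the question is to split each range into the smallest set of CIDR blocks that covers it and emit one entry per block. The entry names (`server1`, `server2`, `deny_rest`) are hypothetical, and the sketch assumes entries are evaluated top-down with the first match winning, which the permit-before-deny ordering in the reply above also relies on.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def policy_entries(name, first, last, dest, action="permit"):
    """Render one policy entry per CIDR block of the source range."""
    entries = []
    for i, net in enumerate(range_to_cidrs(first, last), 1):
        entries.append(
            f"entry {name}_{i} {{\n"
            f"    if {{\n"
            f"        source-address {net};\n"
            f"        destination-address {dest};\n"
            f"    }} then {{\n"
            f"        {action};\n"
            f"    }}\n"
            f"}}\n")
    return entries


def build_policy():
    """Build the full policy for the ranges and destinations in the question."""
    entries = []
    # Permits first: a host in 192.168.1.1-20 must match these before the deny.
    entries += policy_entries("server1", "192.168.1.1", "192.168.1.10",
                              "192.168.0.1/32")
    entries += policy_entries("server2", "192.168.1.11", "192.168.1.20",
                              "192.168.0.2/32")
    # Catch-all deny for the rest of the /24 (hypothetical entry name).
    entries += policy_entries("deny_rest", "192.168.1.0", "192.168.1.255",
                              "192.168.0.0/24", action="deny")
    return "\n".join(entries)


if __name__ == "__main__":
    print(build_policy())
```

The first range expands to five blocks (`192.168.1.1/32`, `.2/31`, `.4/30`, `.8/31`, `.10/32`) and the second to four, so the exact ranges cost ten entries in total instead of three.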
