Question

Wildcard mask in ACL

  • 10 April 2019
  • 4 replies

I want to filter subnets with the same 3rd octet and different 2nd octet.
With Cisco I can use:
10.0.64.0 0.255.0.255
Is this also possible with EXOS?

Example:
seq 20 permit ip 10.0.64.0 0.255.0.255 any

4 replies

Userlevel 2
Anton,

This discussion channel is primarily for SRA products, meaning NOS, NetIron, and SLX.

For these products, your understanding is correct. For example, the source-ip 10.157.22.26 and wildcard value 0.0.0.255 mean that all hosts in the Class C subnet 10.157.22.x match the policy. In your example you used 10.0.64.0 0.255.0.255. This would match all hosts with 10.x.64.x.

For additional details on ACL configuration, I would suggest you review the "Security Guides" found on our documentation site:

NetIron Security Guide

Network OS Security Guide

SLX Security Guide

If your question pertains to the Legacy Extreme OS, I would recommend you move your post to that discussion channel.

EXOS Switching

I hope this helps,

Mike Morey
Principal Technical Support Engineer
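
The wildcard matching described in the reply above, as an added example that is not part of the original thread or any vendor's code. It goes one step beyond the post by also expanding a non-contiguous wildcard into the equivalent contiguous prefixes, on the assumption that the target platform accepts only ordinary subnet masks; the function names and the `limit` parameter are hypothetical.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """True if addr matches base under a wildcard mask (1 bits = don't care)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & MASK32                      # bits that must be equal
    return (a & care) == (b & care)

def expand_to_prefixes(base: str, wildcard: str, limit: int = 4096):
    """Expand base/wildcard into the equivalent list of contiguous prefixes.

    Trailing don't-care bits become the host part of every prefix; each
    don't-care bit above them doubles the number of prefixes required.
    """
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    host_bits = 0
    while host_bits < 32 and (w >> host_bits) & 1:
        host_bits += 1
    upper = [i for i in range(host_bits, 32) if (w >> i) & 1]
    if 2 ** len(upper) > limit:
        raise ValueError(f"expansion needs {2 ** len(upper)} entries (limit {limit})")
    fixed = b & ~w & MASK32                 # base with all don't-care bits cleared
    nets = []
    for n in range(2 ** len(upper)):
        value = fixed
        for k, bit in enumerate(upper):     # spread the counter over the wildcard bits
            if (n >> k) & 1:
                value |= 1 << bit
        nets.append(ipaddress.IPv4Network((value, 32 - host_bits)))
    return sorted(nets)

if __name__ == "__main__":
    # Addresses below are constructed test inputs, checked against the
    # 10.0.64.0 0.255.0.255 entry from the question.
    for ip in ("10.37.64.200", "10.37.65.200", "11.0.64.1"):
        print(ip, wildcard_match(ip, "10.0.64.0", "0.255.0.255"))
    nets = expand_to_prefixes("10.0.64.0", "0.255.0.255")
    print(len(nets), "prefixes:", nets[0], "...", nets[-1])
```

The single wildcard entry from the question becomes 256 separate /24 entries when written with contiguous masks, which is worth weighing against the ACL capacity of the chosen hardware.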
Hello Mike,
Thanks for your fast reply.
As I read in the EXOS guides, it is not possible, so I was looking for an alternative.
Now I only need to select the best switch/router.
I do not need a high end router.
24x 1Gbit ports are enough.
Any suggestion?

Bye,
Anton.
Userlevel 2
Anton,

For basic functionality, the CER/CES devices should cover normal network needs; however, they are legacy devices and are approaching End of Life. This would be cost efficient, but supportability would be lacking.

For a long-term solution, you could look into the SLX platform; we have an array of different variants of these boxes that may address your needs.

I would highly recommend you call into sales to discuss, as I am only familiar with the SRA products we provide; there are many other solutions we may be able to offer.

Thanks,

Mike Morey
Userlevel 7
I've moved this topic to the EXOS category and deleted the duplicate post there.
