topic NOS VDX-6740 - PBR construct - how to? in Data Center (VDX) https://community.extremenetworks.com/t5/data-center-vdx/nos-vdx-6740-pbr-construct-how-to/m-p/81928#M523 hi there,<BR /> I cannot quite suss out the logic behind ACLs + PBR and am asking here hoping that someone can help.<BR /> I have an ACL:<BR /> <BR /> ip access-list extended protect-VLANs<BR /> seq 10 permit ip host 192.168.2.144 any<BR /> seq 50 deny ip any 10.5.8.0 255.255.255.0<BR /> seq 51 deny ip any 10.5.7.0 255.255.255.0<BR /> seq 90 permit ip any any<BR /> <BR /> Now I go to PBR:<BR /> <BR /> Interface Ve VlanZ <BR /> ip policy route-map protect-vlans permit 10 (Active)<BR /> match ip address acl protect-VLANs <BR /> set ip vrf protect-vlans next-hop 192.168.2.199<BR /> set ip vrf protect-vlans next-hop 10.5.8.254<BR /> set interface null0 (selected)<BR /> Policy routing matches: 0 packets Note: No counters available<BR /> <BR /> VE's ip is 192.168.2.199 onto which protect-vlans PBR is applied.<BR /> <BR /> What I'm hoping to achieve is that only 192.168.2.144 could get to VLANs "behind" 192.168.2.199.<BR /> But with above no node, not 192.168.2.144 can ping 10.5.8.0/24<BR /> <BR /> I'm failing to understand the logic here, obviously. Thu, 21 Feb 2019 01:51:06 GMT Pawel_Eljasz 2019-02-21T01:51:06Z NOS VDX-6740 - PBR construct - how to? https://community.extremenetworks.com/t5/data-center-vdx/nos-vdx-6740-pbr-construct-how-to/m-p/81928#M523 hi there,<BR /> I cannot quite suss out the logic behind ACLs + PBR and am asking here hoping that someone can help.<BR /> I have an ACL:<BR /> <BR /> ip access-list extended protect-VLANs<BR /> seq 10 permit ip host 192.168.2.144 any<BR /> seq 50 deny ip any 10.5.8.0 255.255.255.0<BR /> seq 51 deny ip any 10.5.7.0 255.255.255.0<BR /> seq 90 permit ip any any<BR /> <BR /> Now I go to PBR:<BR /> <BR /> Interface Ve VlanZ <BR /> ip policy route-map protect-vlans permit 10 (Active)<BR /> match ip address acl protect-VLANs <BR /> set ip vrf protect-vlans next-hop 192.168.2.199<BR /> set ip vrf protect-vlans next-hop 10.5.8.254<BR /> set interface null0 (selected)<BR /> Policy routing matches: 0 packets Note: No counters available<BR /> <BR /> VE's ip is 192.168.2.199 onto which protect-vlans PBR is applied.<BR /> <BR /> What I'm hoping to achieve is that only 192.168.2.144 could get to VLANs "behind" 192.168.2.199.<BR /> But with above no node, not 192.168.2.144 can ping 10.5.8.0/24<BR /> <BR /> I'm failing to understand the logic here, obviously. Thu, 21 Feb 2019 01:51:06 GMT https://community.extremenetworks.com/t5/data-center-vdx/nos-vdx-6740-pbr-construct-how-to/m-p/81928#M523 Pawel_Eljasz 2019-02-21T01:51:06Z