https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60001#M1812 I all ...<BR /> <BR /> we're trying to migrate a CISCO configuration to a S3 ...<BR /> everything is going fine about L2 and L3, <BR /> but we're facing some issues with ACLs ...<BR /> <BR /> we "copied" and "paste" from CISCO to the S3,<BR /> changing some little stuff like protocol names and others ...<BR /> <BR /> the strange thing is that on the CISCO everything was working fine ...<BR /> on the S3 instead, we had some issues ... we had to move some rules before others to make them work, but without a reason ... <BR /> I mean ... for example ...<BR /> - Rule A<BR /> - Rule B<BR /> - Rule C<BR /> <BR /> Rule C is the matching one, and rules A and B has NOTHING to share with rule C ...<BR /> on CISCO everything was working perfectly ... and it worked for years with no rule changes ...<BR /> on the S3 we had to move Rule C before Rule A to make it work ...<BR /> <BR /> I know it sounds "unreal", but is what we "experienced" for some rules ...<BR /> <BR /> is there any know best practice? anything we maybe forgot?<BR /> any know "bug" or misbehavior?<BR /> <BR /> this is the firmware we have<BR /> Chassis Firmware Revision: 08.32.02.0009<BR /> <BR /> please let us know<BR /> <BR /> best regards<BR /> <BR /> Stefano<BR /> <BR /> Tue, 18 Jul 2017 22:33:00 GMT Stefano_Dall_Os 2017-07-18T22:33:00Z https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60001#M1812 I all ...<BR /> <BR /> we're trying to migrate a CISCO configuration to a S3 ...<BR /> everything is going fine about L2 and L3, <BR /> but we're facing some issues with ACLs ...<BR /> <BR /> we "copied" and "paste" from CISCO to the S3,<BR /> changing some little stuff like protocol names and others ...<BR /> <BR /> the strange thing is that on the CISCO everything was working fine ...<BR /> on the S3 instead, we had some issues ... we had to move some rules before others to make them work, but without a reason ... <BR /> I mean ... for example ...<BR /> - Rule A<BR /> - Rule B<BR /> - Rule C<BR /> <BR /> Rule C is the matching one, and rules A and B has NOTHING to share with rule C ...<BR /> on CISCO everything was working perfectly ... and it worked for years with no rule changes ...<BR /> on the S3 we had to move Rule C before Rule A to make it work ...<BR /> <BR /> I know it sounds "unreal", but is what we "experienced" for some rules ...<BR /> <BR /> is there any know best practice? anything we maybe forgot?<BR /> any know "bug" or misbehavior?<BR /> <BR /> this is the firmware we have<BR /> Chassis Firmware Revision: 08.32.02.0009<BR /> <BR /> please let us know<BR /> <BR /> best regards<BR /> <BR /> Stefano<BR /> <BR /> Tue, 18 Jul 2017 22:33:00 GMT https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60001#M1812 Stefano_Dall_Os 2017-07-18T22:33:00Z https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60002#M1813 Sorry you had an issue, because I would expect the logic of the ACL to be identical to Cisco. I am not aware of any ACL issue related to ordering, and I double-checked the KB and the release notes.<BR /> <BR /> <BR /> <BR /> Tue, 18 Jul 2017 23:24:00 GMT https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60002#M1813 Luke_French 2017-07-18T23:24:00Z https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60003#M1814 Hi, <BR /> that sound as we were thinking ... <BR /> I mean, that the LOGIC between the 2 vendors should be the same ...<BR /> We have to admit the ACL is a very ong one ...<BR /> 600 rules ... more or less ...<BR /> any known "limit"?<BR /> is there any best practice?<BR /> <BR /> thanks again<BR /> <BR /> Stefano<BR /> Tue, 18 Jul 2017 23:24:00 GMT https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60003#M1814 Stefano_Dall_Os 2017-07-18T23:24:00Z https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60004#M1815 Limits from the release notes.<BR /> <BR /> ACLs 1,000 <BR /> -Access Rules 5,000 <BR /> -Access Rules – Per ACL 5,000 <BR /> We do not have any best practices specific to EOS or the S-Series. <BR /> <BR /> Tue, 18 Jul 2017 23:24:00 GMT https://community.extremenetworks.com/t5/extremeswitching-eos/s3-acls-vs-cisco-acls-it-seems-something-is-not-working-as/m-p/60004#M1815 Luke_French 2017-07-18T23:24:00Z