https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56075#M16312 I'm new using extreme switches. I have configured the following ACL policy to allow only the networks listed in the policy to connect by telnet to the switch model X480-24X, running ExtremeXOS version 15.6.4.2, however only the host with IP address 200.20.76.42 is connecting the others are being rejected.<BR /> Has anyone ever faced this problem?<BR /> <BR /> Entry AllowTheseSubnets {<BR /> if match any{<BR /> source-address 200.20.76.42 /32;<BR /> source-address 187.111.111.5 /32;<BR /> source-address 200.20.66.176 /27;<BR /> }<BR /> then<BR /> {<BR /> permit ;<BR /> }<BR /> }<BR /> <BR /> Tks in advance<BR /> <BR /> Thu, 03 May 2018 22:09:00 GMT Francisco_Leitã 2018-05-03T22:09:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56075#M16312 I'm new using extreme switches. I have configured the following ACL policy to allow only the networks listed in the policy to connect by telnet to the switch model X480-24X, running ExtremeXOS version 15.6.4.2, however only the host with IP address 200.20.76.42 is connecting the others are being rejected.<BR /> Has anyone ever faced this problem?<BR /> <BR /> Entry AllowTheseSubnets {<BR /> if match any{<BR /> source-address 200.20.76.42 /32;<BR /> source-address 187.111.111.5 /32;<BR /> source-address 200.20.66.176 /27;<BR /> }<BR /> then<BR /> {<BR /> permit ;<BR /> }<BR /> }<BR /> <BR /> Tks in advance<BR /> <BR /> Thu, 03 May 2018 22:09:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56075#M16312 Francisco_Leitã 2018-05-03T22:09:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56076#M16313 Make one entry per source address. <BR /> <BR /> Entry AllowTheseSubnets1 {<BR /> if match any{<BR /> source-address 200.20.76.42 /32;<BR /> }<BR /> then{<BR /> permit ;<BR /> }}<BR /> <BR /> Entry AllowTheseSubnets2 {<BR /> if match any{<BR /> source-address 187.111.111.5 /32;<BR /> }<BR /> then{<BR /> permit ;<BR /> }}<BR /> <BR /> Entry AllowTheseSubnets3 {<BR /> if match any{<BR /> source-address 200.20.66.176 /27;<BR /> }<BR /> then{<BR /> permit ;<BR /> }}<BR /> <BR /> Thu, 03 May 2018 22:22:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56076#M16313 StephenW 2018-05-03T22:22:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56077#M16314 The policy I use without issue is similar to:<BR /> <BR /> Switch1.4 # sh policy telnet<BR /> Policies at Policy Server:<BR /> Policy: telnet<BR /> entry telnet { <BR /> if match any { <BR /> source-address 12.34.56.78/32 ;<BR /> source-address 12.34.56.79/32 ;<BR /> source-address 12.34.56.80/32 ;<BR /> source-address 12.34.56.81/32 ;<BR /> source-address 12.34.56.82/32 ;<BR /> source-address 12.34.54.0/24 ;<BR /> source-address 12.34.55.0/24 ;<BR /> }<BR /> then {<BR /> permit ;<BR /> }<BR /> }<BR /> <BR /> Thu, 03 May 2018 23:14:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56077#M16314 Joe_Sheldon_ 2018-05-03T23:14:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56078#M16315 Hi Stephen,<BR /> <BR /> First of all thanks for your attention,<BR /> <BR /> I have configured the ACL as you suggested, even so, It's not working. Following you can see the message in the log informing the connection has been rejected.<BR /> <BR /> SW-IPLAN.5 # show log<BR /> 05/03/2018 15:21:28.59 <TELNETD.REJCTCONNACCESSDENY> Telnet connection from source 187.111.111.5 has been denied by access-list IplanAcesso. Rejecting connection.<BR /> <BR /> Tks!<BR /> <BR /></TELNETD.REJCTCONNACCESSDENY> Thu, 03 May 2018 23:28:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56078#M16315 Francisco_Leitã 2018-05-03T23:28:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56079#M16316 did you refresh the policy?<BR /> Thu, 03 May 2018 23:36:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56079#M16316 StephenW 2018-05-03T23:36:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56080#M16317 I hadn't done that! To be honest I had no idea this command was required when you change an ACL. After issuing the refresh command the ACL worked fine!<BR /> <BR /> As I had told I am new in Extreme switches.<BR /> <BR /> Tks!<BR /> <BR /> Thu, 03 May 2018 23:49:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56080#M16317 Francisco_Leitã 2018-05-03T23:49:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56081#M16318 No problem, we are here to help. Welcome by the way.<BR /> Thu, 03 May 2018 23:49:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-policy-to-restrict-telnet-is-not-working-as-desirable/m-p/56081#M16318 StephenW 2018-05-03T23:49:00Z