https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exosvm-access-list-help/m-p/60983#M17724 <P>Hello, I have lab in GNS3 with 2 pc, exosvm switch and ubuntu server with www on apache and SSH. How can I connect PC1 only to www site and PC2 only to SSH. How can I use ACL to do it? Any advice?&nbsp;<BR />I’m glad for any help.</P> Thu, 26 Nov 2020 01:27:00 GMT jasiowski 2020-11-26T01:27:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exosvm-access-list-help/m-p/60983#M17724 <P>Hello, I have lab in GNS3 with 2 pc, exosvm switch and ubuntu server with www on apache and SSH. How can I connect PC1 only to www site and PC2 only to SSH. How can I use ACL to do it? Any advice?&nbsp;<BR />I’m glad for any help.</P> Thu, 26 Nov 2020 01:27:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exosvm-access-list-help/m-p/60983#M17724 jasiowski 2020-11-26T01:27:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exosvm-access-list-help/m-p/60984#M17725 <P>Jasioswski,</P><P>Here from my cheat sheet:</P><P><CODE>#STATIC = from a policy<BR /><BR />&nbsp;&nbsp; &nbsp;'1-Check if there are enough ACL resources available<BR /><BR />&nbsp;&nbsp; &nbsp;'2-Create a STATIC ACL policy file<BR /><BR />&nbsp;&nbsp; &nbsp;#edit policy &lt;policy-name&gt;.pol 'edit = vi<BR /><BR />&nbsp;&nbsp; &nbsp;# entry &lt;rule-name&gt; {<BR /><BR />&nbsp;&nbsp; &nbsp;# if {&lt;condition&gt;;}<BR /><BR />&nbsp;&nbsp; &nbsp;# then{&lt;actions&gt;;}<BR /><BR />&nbsp;&nbsp; &nbsp;# }<BR /><BR />&nbsp;&nbsp; &nbsp;edit policy denyTelnet.pol<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;entry noTelnet {<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;if {<BR /><BR /><STRONG>&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;destination-address 10.1.10.1/32;<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;source-address 10.1.10.101/32;<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;protocol tcp;<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;destination-port 23;</STRONG><BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;}<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;then {<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;deny;<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;}<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;}<BR /><BR />&nbsp;&nbsp; &nbsp;'3-Save or copy the policy file to the flash as .pol<BR /><BR />&nbsp;&nbsp; &nbsp;'4-Check the policy for syntax errors<BR /><BR />&nbsp;&nbsp; &nbsp;check policy &lt;policy-name&gt;<BR /><BR />&nbsp;&nbsp; &nbsp;'5-Apply the policy to port(s), VLAN(s) or any "wildcard"<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;#immediately applied<BR /><BR />&nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;#precedence is port, VLAN, wildcard<BR /><BR />&nbsp;&nbsp; &nbsp;configure access-list &lt;policy-name&gt;.pol ports &lt;ports_numbers&gt;[ingress|egress]<BR /><BR />&nbsp;&nbsp; &nbsp;configure access-list &lt;policy-name&gt;.pol vlan &lt;vlan_name|vlan_ID&gt;[ingress|egress]<BR /><BR />&nbsp;&nbsp; &nbsp;configure access-list &lt;policy-name&gt;.pol any [ingress|egress]<BR /><BR />&nbsp;&nbsp; &nbsp;refresh policy &lt;policy_name&gt; 'will refresh the deployment of the policy<BR /><BR />&nbsp;&nbsp; &nbsp;'6-VERIFY<BR /><BR />&nbsp;&nbsp; &nbsp;show policy<BR /><BR />&nbsp;&nbsp; &nbsp;show policy &lt;policy-name&gt;<BR /><BR />&nbsp;&nbsp; &nbsp;show access-list</CODE></P><P>Mig</P> Sat, 28 Nov 2020 17:01:19 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/exosvm-access-list-help/m-p/60984#M17725 Miguel-Angel_RO 2020-11-28T17:01:19Z