https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86005#M20643 <P>Hi Giuseppe,</P><P>&nbsp;</P><P>AFAIU it should be still that by default we have ingress direction for applied ACLs unless instructed otherwise in the command. For the ACL you mention, ingress should be fine.</P><P>Are there any other ACLs in place? Port-based ACLs have higher precedence than VLAN-based ACLs (which have higher precedence than wildcard, device-wide ACLs). So if .pol applied to a port is checked and the packet is matched, no further .pol contents in TCAM are evaluated against the packet.</P><P>Same with dynamic ACLs having precedence over static (.pol) ACLs.</P><P>&nbsp;</P><P>Hope that helps,</P><P>Tomasz</P> Wed, 30 Jun 2021 18:29:30 GMT Tomasz 2021-06-30T18:29:30Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86002#M20640 <P>Good evening</P><P>I have this ACL:</P><P>if match all {<BR />&nbsp;&nbsp;&nbsp; source-address 192.168.253.70/32 ;<BR />&nbsp;&nbsp;&nbsp; destination-address 192.168.170.8/32 ;<BR />}<BR />then {<BR />&nbsp;&nbsp;&nbsp; deny&nbsp; ;<BR />}<BR />}<BR />&nbsp;</P><P>&nbsp;</P><P>On X440 works ( my lab ) ( version 31.1.2 )</P><P>On X450 it does not work&nbsp; ( customer ) ( version 30.0.7 )</P><P>Anybody can tell me why ?</P><P>Thanks</P><P>Giuseppe</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 25 Jun 2021 03:26:07 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86002#M20640 Giuseppe_Montan 2021-06-25T03:26:07Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86003#M20641 <P>How did you apply the ACL? per Port or per VLAN?&nbsp;</P> Sat, 26 Jun 2021 20:56:01 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86003#M20641 Stefan_K_ 2021-06-26T20:56:01Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86004#M20642 <P>Hi Stefan, I apply the ACL per Vlan, do you know when I have to use ingress and when Egress ?</P><P>I thing the problem is there.</P><P>Giuseppe</P> Tue, 29 Jun 2021 01:48:29 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86004#M20642 Giuseppe_Montan 2021-06-29T01:48:29Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86005#M20643 <P>Hi Giuseppe,</P><P>&nbsp;</P><P>AFAIU it should be still that by default we have ingress direction for applied ACLs unless instructed otherwise in the command. For the ACL you mention, ingress should be fine.</P><P>Are there any other ACLs in place? Port-based ACLs have higher precedence than VLAN-based ACLs (which have higher precedence than wildcard, device-wide ACLs). So if .pol applied to a port is checked and the packet is matched, no further .pol contents in TCAM are evaluated against the packet.</P><P>Same with dynamic ACLs having precedence over static (.pol) ACLs.</P><P>&nbsp;</P><P>Hope that helps,</P><P>Tomasz</P> Wed, 30 Jun 2021 18:29:30 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86005#M20643 Tomasz 2021-06-30T18:29:30Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86006#M20644 <P>Hi, I solved the problem.</P><P>in this case ( a server inside Vlan 192.168.170 ) I hat to use egress at the end of ACL.</P><P>Thanks</P><P>Giuseppe</P><DIV><PRE>&nbsp;</PRE></DIV> Fri, 02 Jul 2021 15:17:32 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/same-acl-on-x440-works-on-x460-no/m-p/86006#M20644 Giuseppe_Montan 2021-07-02T15:17:32Z