https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30287#M5119 Hi everybody.<BR /> I want to add two access profiles to VLAN. For example<BR /> <BR /> First<BR /> entry block-in-abonvlan {<BR /> if match any {<BR /> ethernet-type 0x8863;<BR /> ethernet-type 0x8864;<BR /> }<BR /> then {<BR /> permit;<BR /> }<BR /> }<BR /> <BR /> entry deny (<BR /> if {<BR /> }<BR /> then {<BR /> deny;<BR /> }<BR /> }<BR /> <BR /> Second<BR /> entry BCAST {<BR /> if {<BR /> ethernet-destination-address ff:ff:ff:ff:ff:ff;<BR /> }<BR /> then {<BR /> count broadcast;<BR /> }<BR /> }<BR /> <BR /> entry ACTION {<BR /> if {<BR /> count broadcast &gt; 10000;<BR /> period 10 ;<BR /> }<BR /> then {<BR /> syslog "It's probably a broadcast storm... Rule $ruleName $ruleValue exceeds limit $ruleThreshold" WARN 120;<BR /> }<BR /> }<BR /> <BR /> What is the best way to do this? <BR /> <UL> <LI>Two .pol files and two conf access-list command. </LI><LI>Join this .pol files to one file. </LI></UL> <BR /> Wed, 21 May 2014 12:46:00 GMT eyeV 2014-05-21T12:46:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30287#M5119 Hi everybody.<BR /> I want to add two access profiles to VLAN. For example<BR /> <BR /> First<BR /> entry block-in-abonvlan {<BR /> if match any {<BR /> ethernet-type 0x8863;<BR /> ethernet-type 0x8864;<BR /> }<BR /> then {<BR /> permit;<BR /> }<BR /> }<BR /> <BR /> entry deny (<BR /> if {<BR /> }<BR /> then {<BR /> deny;<BR /> }<BR /> }<BR /> <BR /> Second<BR /> entry BCAST {<BR /> if {<BR /> ethernet-destination-address ff:ff:ff:ff:ff:ff;<BR /> }<BR /> then {<BR /> count broadcast;<BR /> }<BR /> }<BR /> <BR /> entry ACTION {<BR /> if {<BR /> count broadcast &gt; 10000;<BR /> period 10 ;<BR /> }<BR /> then {<BR /> syslog "It's probably a broadcast storm... Rule $ruleName $ruleValue exceeds limit $ruleThreshold" WARN 120;<BR /> }<BR /> }<BR /> <BR /> What is the best way to do this? <BR /> <UL> <LI>Two .pol files and two conf access-list command. </LI><LI>Join this .pol files to one file. </LI></UL> <BR /> Wed, 21 May 2014 12:46:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30287#M5119 eyeV 2014-05-21T12:46:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30288#M5120 Create one single policy and add all three rule in it. <BR /> <BR /> These matching condition will be kept in different hardware slices even though you would create single policy file or multiple files. Wed, 21 May 2014 13:38:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30288#M5120 Sumit_Tokle 2014-05-21T13:38:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30289#M5121 Thank you!<BR /> Wed, 21 May 2014 13:38:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30289#M5121 eyeV 2014-05-21T13:38:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30290#M5122 Hey eyeV I agree with Sumit having one policy is always best because the order of the entries will determine how they are executed. If you have two policies it gets tricky to determine which policy to run first.<BR /> <BR /> Hope that helps.<BR /> P<BR /> Wed, 21 May 2014 19:21:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30290#M5122 Paul_Russo 2014-05-21T19:21:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30291#M5123 <BLOCKQUOTE>If you have two policies it gets tricky to determine which policy to run first.</BLOCKQUOTE>By the way, how can I determine this order? <BR /> Wed, 21 May 2014 19:21:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30291#M5123 eyeV 2014-05-21T19:21:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30292#M5124 Please read the section "ACL Evaluation Precedence" under the ACL chapter in EXOS 15.4 concept guide, page # 701. Wed, 21 May 2014 19:21:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30292#M5124 Sumit_Tokle 2014-05-21T19:21:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30293#M5125 Thanks.<BR /> Wed, 21 May 2014 19:21:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/acl-best-practices-one-file-with-multiple-entry-or-many-files/m-p/30293#M5125 eyeV 2014-05-21T19:21:00Z