https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13487#M891 Can you also tell me how to remove the vlan on the other side. is there any ACL rule or anything that can remove the added acl on the other port at egress.. Tue, 20 Mar 2018 09:07:00 GMT Danial_Jalil 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13480#M884 I want to add an ingress ACL to a port that adds a vlan to an untagged traffic. if the traffic is tagged it should add a second vlan. following is my code but somehow i am facing error. is it the right syntax to implement it<BR /> <BR /> entry testing {<BR /> if match all {<BR /> } then {<BR /> permit;<BR /> add-vlan-id 51;<BR /> }<BR /> } <BR /> <BR /> #configure access-list testing ports 4 ingress Mon, 19 Mar 2018 23:42:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13480#M884 Danial_Jalil 2018-03-19T23:42:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13481#M885 Can you show us the error you are seeing? Mon, 19 Mar 2018 23:48:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13481#M885 Patrick_Voss 2018-03-19T23:48:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13482#M886 It's correct, but your switch/version needs to support this ACL action modifier. It came out in 16.1.<BR /> Tue, 20 Mar 2018 00:30:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13482#M886 StephenW 2018-03-20T00:30:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13483#M887 it is 21.1.1.4 Tue, 20 Mar 2018 00:30:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13483#M887 Danial_Jalil 2018-03-20T00:30:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13484#M888 Could you try the following -<BR /> entry rule {<BR /> if {<BR /> vlan-format untagged;<BR /> } then {<BR /> add-vlan-id 51;<BR /> class-id 2;<BR /> }<BR /> }<BR /> <BR /> I remember encountering this in a case. "Add-Vlan-Id" works with class-id. Also ensure the VLAN ID you are adding is an available VLAN on the ingress and egress ports. Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13484#M888 Sushruth_Sathya 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13485#M889 What is meant by available Vlan.. its already created if thats what you are asking.. if it means something else could you please explain it:) Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13485#M889 Danial_Jalil 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13486#M890 it works, it seems for ingress ACL class id is needed..thank you for the help Sushruth.. you are awesome  Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13486#M890 Danial_Jalil 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13487#M891 Can you also tell me how to remove the vlan on the other side. is there any ACL rule or anything that can remove the added acl on the other port at egress.. Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13487#M891 Danial_Jalil 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13488#M892 If you want to remove and ACL on a port, then the command is -<BR /> unconfig access-list <ACL name=""> ingress/egress</ACL> Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13488#M892 Sushruth_Sathya 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13489#M893 Available VLAN means that the VLAN must be added to both the ingress and egress ports. Tue, 20 Mar 2018 09:07:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13489#M893 Sushruth_Sathya 2018-03-20T09:07:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13490#M894 Can you guys tell me how to remove the VLAN on the other side. is there any ACL rule or anything that can remove the added acl on the other port at egress..(what i want to achieve is internal forwarding mechanism for one port to another..but i cannot do that with macs/ips as all macs will be the same) Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13490#M894 Danial_Jalil 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13491#M895 I'm not sure I understand this question. Do you want to perform an L2 redirect from one port to another? Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13491#M895 Sushruth_Sathya 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13492#M896 Yes! an untag flow enters on lets say port 1 and should be redirected to lets say port 2.. there should be no tag on the traffic when going in port 1 .. and going out of port 2... how do i do thhis? i thought i could assign an internal vlan.. to route traffic from port 1 to 2 .. but then how do i remove this internal traffic when the traffic is leaving port 2? or is there any other approch to do this? Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13492#M896 Danial_Jalil 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13493#M897 <A href="https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Layer-2-PBR" target="_blank" rel="nofollow noreferrer noopener">https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-configure-Layer-2-PBR</A><BR /> <BR /> You can use L2 redirect using the redirect-port action modifier. Refer the attached article. Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13493#M897 Sushruth_Sathya 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13494#M898 Could you please explain a bit what does port 3:5 means.. i mean i am using extreme network x670 which has 48 ports.. so i should just mentioned redirect-port lets say 48 right? Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13494#M898 Danial_Jalil 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13495#M899 3:5 means slot 3 port 5. This will come into play when using chassis or stacked switches. For a single standalone switch, you can use just the port number. Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13495#M899 Sushruth_Sathya 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13496#M900 I still am not able to redirect the flow from port46 to port 45.i am receiving traffic on port 46 but it is not redirecting it to port 45 as shown in the statistics. can you tell me what am i doing wrong? below is the configuration..<BR /> <BR /> ACL....<BR /> <BR /> entry one {<BR /> if match all {<BR /> } then {<BR /> redirect-port 45;<BR /> }<BR /> }<BR /> <BR /> * 46 testing2 ingress 1 0 <BR /> <BR /> X670V-48x.40 # show ports 45-48 statistics<BR /> Port Statistics Thu Mar 29 11:21:56 2018<BR /> Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Pkt Rx Pkt Tx Pkt Tx Pkt<BR /> State Count Count Count Count Bcast Mcast Bcast Mcast<BR /> ========= ===== =========== =========== =========== =========== =========== =========== =========== ===========<BR /> 45 A 0 0 0 0 0 0 0 0<BR /> 46 A 0 0 1251587 1882386848 0 0 0 0<BR /> <BR /> ========= ===== =========== =========== =========== =========== =========== =========== =========== ===========<BR /> &gt; in Port indicates Port Display Name truncated past 8 characters<BR /> &gt; in Count indicates value exceeds column width. Use 'wide' option or '0' to clear.<BR /> Link State: A-Active, R-Ready, NP-Port Not Present L-Loopback<BR /> 0-&gt;Clear Counters U-&gt;page up D-&gt;page down ESC-&gt;exit<BR /> Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13496#M900 Danial_Jalil 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13497#M901 Danial, what sort of traffic is expected in port 46 ingress. Tagged or untagged? Are the VLANs allowed on port 46 also allowed on port 45?<BR /> Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13497#M901 Sushruth_Sathya 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13498#M902 Yes the vlans are allowed on both the ports.. and untagged traffic is expected on port 46 ingress . Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13498#M902 Danial_Jalil 2018-03-22T23:09:00Z https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13499#M903 Any help please? Thu, 22 Mar 2018 23:09:00 GMT https://community.extremenetworks.com/t5/network-architecture-design/acl-for-add-vlan-id/m-p/13499#M903 Danial_Jalil 2018-03-22T23:09:00Z