
SecureStack: Question regarding ACL vs. Policies


Is it possible to use ACLs (on a VLAN) AND (Enterasys) policies (on ports) (different VLANs and different ports) at the same time? (with current 6.81.08)

In older 6.42. / 6.61. it was not possible to use that on the same system ...

Unfortunately there is no logging or counting option for ACLs or Policies on SecureStack - is there another way to debug / troubleshoot to see if ACLs or Access Rules are used?

(except doing a Wireshark capture on a mirror port or capturing a trace and running it into Policy Manager ...)


Below is from the 6.81 release notes

ACLs

Access Control Lists (ACLs) use the same hardware resources as Policy rules and cannot be used simultaneously with Policy.

I know of no way to debug the ACL.

This kind of limitation and dependency sometimes makes features unusable ... and my job not really attractive ...

Several times I have needed ACLs in VLAN-A and policies with NAC in VLAN-B/C/D ....

Switching over to ACLs completely is also not possible because ACLs are not sent to the switch via RADIUS attributes ....

Let's switch over to EXOS ...

BTW: Is simultaneous usage of ACLs (=Extreme Policy) and the OnePolicy Framework possible in EXOS???

Regards

To repeat and address my question to the EXOS guys:

Is simultaneous usage of ACLs (=Extreme Policy) and the OnePolicy Framework possible in EXOS???
M.Nees wrote:

To repeat and address my question to the EXOS guys:

Is simultaneous usage of ACLs (=Extreme Policy) and the OnePolicy Framework possible in EXOS???

You can run ACL and policy simultaneously on EXOS.

Yes, you can run them both, but OnePolicy ACLs are dynamic ACLs and have higher precedence than a .pol ACL. So if you have the same match condition but different actions, the OnePolicy ACL's action will be used.