S3 ACLs vs CISCO ACLs ... it seems something is not working as expected ...
‎07-18-2017 03:33 PM
Hi all ...
we're trying to migrate a CISCO configuration to a S3 ...
everything is going fine about L2 and L3,
but we're facing some issues with ACLs ...
we "copied" and "pasted" from CISCO to the S3,
changing some little stuff like protocol names and others ...
the strange thing is that on the CISCO everything was working fine ...
on the S3 instead, we had some issues ... we had to move some rules before others to make them work, but without a reason ...
I mean ... for example ...
- Rule A
- Rule B
- Rule C
Rule C is the matching one, and rules A and B have NOTHING to share with rule C ...
on CISCO everything was working perfectly ... and it worked for years with no rule changes ...
on the S3 we had to move Rule C before Rule A to make it work ...
I know it sounds "unreal", but it is what we "experienced" for some rules ...
is there any known best practice? anything we maybe forgot?
any known "bug" or misbehavior?
this is the firmware we have
Chassis Firmware Revision: 08.32.02.0009
please let us know
best regards
Stefano
3 REPLIES
‎07-18-2017 04:24 PM
Limits from the release notes.
ACLs 1,000
-Access Rules 5,000
-Access Rules – Per ACL 5,000
We do not have any best practices specific to EOS or the S-Series.
‎07-18-2017 04:24 PM
Hi,
that sounds as we were thinking ...
I mean, that the LOGIC between the 2 vendors should be the same ...
We have to admit the ACL is a very long one ...
600 rules ... more or less ...
any known "limit"?
is there any best practice?
thanks again
Stefano
‎07-18-2017 04:24 PM
Sorry you had an issue, because I would expect the logic of the ACL to be identical to Cisco. I am not aware of any ACL issue related to ordering, and I double-checked the KB and the release notes.
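The statement in the original post that rules A and B share nothing with rule C can be checked mechanically before concluding that the two platforms evaluate the list differently. The following is an added example, not code from this thread or from either vendor; it assumes sequential first-match evaluation and a subset of Cisco extended-ACL syntax (`any`, `host`, address plus wildcard mask, optional destination `eq` port), and the sample rules are constructed.

```python
import ipaddress

def _addr(tokens):
    """Consume one Cisco-style address spec; return (address, wildcard) as ints."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_rule(line):
    """Parse 'permit|deny proto src dst [eq port]' (assumed subset of the syntax)."""
    t = line.split()
    action, proto = t.pop(0), t.pop(0)
    src, dst = _addr(t), _addr(t)
    port = int(t[1]) if len(t) >= 2 and t[0] == "eq" else None
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "port": port, "text": line}

def _addr_overlap(a, b):
    # Two specs share an address iff they agree on every bit that both of them check.
    return ((a[0] ^ b[0]) & ~a[1] & ~b[1] & 0xFFFFFFFF) == 0

def overlaps(r1, r2):
    """True if at least one packet can match both rules."""
    if "ip" not in (r1["proto"], r2["proto"]) and r1["proto"] != r2["proto"]:
        return False
    if None not in (r1["port"], r2["port"]) and r1["port"] != r2["port"]:
        return False
    return _addr_overlap(r1["src"], r2["src"]) and _addr_overlap(r1["dst"], r2["dst"])

def earlier_overlaps(lines, target):
    """Return (index, text) of every rule before `target` that can match the same packet."""
    rules = [parse_rule(line) for line in lines]
    return [(i, r["text"]) for i, r in enumerate(rules[:target])
            if overlaps(r, rules[target])]

# Constructed sample ACL (not from the thread): Rule A, Rule B, Rule C.
SAMPLE = [
    "deny tcp 10.1.0.0 0.0.255.255 any eq 23",
    "permit udp any host 10.9.9.9 eq 53",
    "permit tcp 10.1.2.0 0.0.0.255 host 192.168.5.10 eq 22",
]
# Same ACL with Rule A widened to all IP traffic from 10.1.0.0/16.
SAMPLE_SHADOWED = ["deny ip 10.1.0.0 0.0.255.255 any"] + SAMPLE[1:]

if __name__ == "__main__":
    for name, acl in (("SAMPLE", SAMPLE), ("SAMPLE_SHADOWED", SAMPLE_SHADOWED)):
        print(name, earlier_overlaps(acl, 2))
```

An empty result for the rule that had to be moved means no earlier entry can match its traffic under first-match logic, which points at the translation of the entries or the platform rather than at rule order.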
