This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ACL Basic

ACL Basic

EtherNation_Use
Contributor II

‎01-07-2014 10:01 PM

Create Date: May 3 2013 2:16PM

HiI'm not quite getting ACL's so far. I have a few vlans all with ipforwarding enabled and ips for the vlans.vlan 1 10.10.1.0/24vlan 2 10.10.2.0/24

I was hoping the following would allow ping from vlan 1 to vlan 2 but block all else, but it doesn't seem to work, do i need to also allow the return traffic or am i incorrect..so if i create this policy (below) and configure via :

configure access-list thepolicy vlan "Vlan 2"

Code:

@description "Allow ICMP ping"
entry ping_allow_echo_request
{
if {
protocol icmp;
icmp-type echo-request;
source-address 10.10.1.0/24;
} then {
permit;
}
}
@description "Default block all"

entry deny_default_all {
if {
}
then {
deny;
}
}
(from conrad_jones)
0 Kudos
2 REPLIES 2

EtherNation_Use
Contributor II

‎01-07-2014 10:01 PM

Create Date: May 5 2013 6:22PM

got it working, added echo-reply to the same network but as destination network

thank you

Code:

@description "Allow ICMP ping"
entry ping_allow_echo_request
{
if {
protocol icmp;
icmp-type echo-request;
source-address 10.10.1.0/24;
} then {
permit;
}
}
entry ping_allow_echo_reply
{
if {
protocol icmp;
icmp-type echo-reply;
destination-address 10.10.1.0/24;
} then {
permit;
}
}

@description "Default block all"

entry deny_default_all {
if {
}
then {
deny;
}
}

(from conrad_jones)
0 Kudos

EtherNation_Use
Contributor II

‎01-07-2014 10:01 PM

Create Date: May 3 2013 7:18PM

You have to allow the return as well. ACLs in XOS aren't stateful. If you allow the echo requests back, you should get the result you want. (from Ansley_Barnes)
0 Kudos
GTM-P2G8KFN