Hello Ron,
You would have two ways to implement this :
If you use “dynamic ACL” [assuming you want to deny it on a “desktop” vlan] , what you could do is
# create the ACL rule
create access-list Cobranet-deny "ethernet-type 0x8819;" "count cobranet-pkt; deny;"
#for each desktop vlan
configure access-list add "Cobranet-deny" first vlan "Desktop" ingress
X670-48x.8 # sh access-list dynamic rule "Cobranet-deny"
entry Cobranet-deny {
if match all {
ethernet-type 0x8819 ;
} then {
count cobranet-pkt ;
deny ;
} }
X670-48x.9 # sh access-list dynamic counter
Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
* * ingress
cobranet-pkt 0
If you use a policy file, the ACL would probably look like this
# create a policy file
X670-48x.17 # edit policy cobranet
# edit policy cobranet
entry Cobranet {
if {
ethernet-type 0x8819;
} then {
deny ;
count cobranet;
}
}
# apply the policy file to a vlan
X670-48x.14 # configure access-list cobranet vlan default
X670-48x.15 # show access-list
Vlan Name Port Policy Name Dir Rules Dyn Rules
===================================================================
Default * cobranet ingress 1 1
X670-48x.16 # show access-list counter
Policy Name Vlan Name Port Direction
Counter Name Packet Count Byte Count
==================================================================
cobranet Default * ingress
cobranet 0
There is a good document around ACL :
https://www.extremenetworks.com/wp-content/uploads/2014/10/ACL_Solutions_Guide.pdf
