ACL in EXOS
‎05-22-2018 07:07 AM
Hi expert,
I write an ACL and apply it to port 39 to deny all other traffic (only permit 2 hosts), but the deny does not work. Could you please help to check the problem?
host1 ip 168.175.203.52
host1 mac D8:9D:67:F3:B3:2D
host2 ip 168.175.203.53
host2 mac 24:BE:05:E2:14:3B
entry ipmac-52 {
    if {
        source-address 168.175.203.52/32;
        ethernet-source-address D8:9D:67:F3:B3:2D;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-53 {
    if {
        source-address 168.175.203.53/32;
        ethernet-source-address 24:BE:05:E2:14:3B;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-54 {
    if {
        source-address 168.175.203.54/32;
        ethernet-source-address 2C:41:38:4F:66:9B;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-55 {
    if {
        source-address 168.175.203.55/32;
        ethernet-source-address 24:BE:05:E2:00:F5;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-56 {
    if {
        source-address 168.175.203.56/32;
        ethernet-source-address 00:19:B9:05:4A:E4;
    } then {
        permit;
        count syn;
    }
}
entry default {
    if {
        source-address 0.0.0.0/0;
    } then {
        deny;
        count default;
    }
}
configure access-list ipmac-fangfa ports 39 ingress
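Added example, not part of the original post and not Extreme's code: a small Python model of how a first-match ACL like the one above is evaluated. It models the EXOS behaviour that entries are tried top to bottom, the first match wins, and a packet that matches no entry is permitted (the implicit permit). It also makes one assumption, labelled in the code: an entry whose condition is an IPv4 `source-address` matches IPv4 packets only, so a non-IPv4 frame such as ARP never reaches a `source-address 0.0.0.0/0` default entry and falls through to the implicit permit, whereas a default entry with no conditions (`if { } then { deny; }`) catches it. The two host IP/MAC pairs are the ones from the post; the spoofed-MAC and ARP frames are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed model of first-match ACL evaluation, not Extreme's code.
# Modelled EXOS behaviour: entries are tried top to bottom, the first match
# wins, and a packet that matches no entry is permitted (implicit permit).
# ASSUMPTION (also stated in the lead-in): an entry whose condition is an
# IPv4 source-address matches IPv4 packets only, so non-IPv4 frames never hit it.

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


@dataclass
class Frame:
    src_mac: str
    ethertype: int
    src_ip: Optional[str] = None  # set for IPv4 frames only


@dataclass
class Entry:
    name: str
    action: str                    # "permit" or "deny"
    src_ip: Optional[str] = None   # CIDR condition, e.g. "168.175.203.52/32"
    src_mac: Optional[str] = None  # ethernet-source-address condition

    def matches(self, f: Frame) -> bool:
        if self.src_ip is not None:
            if f.ethertype != ETHERTYPE_IPV4 or f.src_ip is None:
                return False  # an IPv4 condition cannot match a non-IPv4 frame
            if ipaddress.ip_address(f.src_ip) not in ipaddress.ip_network(self.src_ip):
                return False
        if self.src_mac is not None and f.src_mac.upper() != self.src_mac.upper():
            return False
        return True  # an entry with no conditions matches every frame


def evaluate(policy: List[Entry], f: Frame) -> Tuple[str, str]:
    """Return (action, entry name); the name is 'implicit' when nothing matched."""
    for e in policy:
        if e.matches(f):
            return e.action, e.name
    return "permit", "implicit"


# Host pairs from the post (the remaining hosts are omitted here for brevity).
PERMITTED = [
    Entry("ipmac-52", "permit", "168.175.203.52/32", "D8:9D:67:F3:B3:2D"),
    Entry("ipmac-53", "permit", "168.175.203.53/32", "24:BE:05:E2:14:3B"),
]
# Default entry as posted: its only condition is source-address 0.0.0.0/0.
POLICY_AS_POSTED = PERMITTED + [Entry("default", "deny", src_ip="0.0.0.0/0")]
# Alternative default entry with no conditions at all ("if { } then { deny; }").
POLICY_MATCH_ALL = PERMITTED + [Entry("default", "deny")]

# Constructed sample frames.
HOST1 = Frame("D8:9D:67:F3:B3:2D", ETHERTYPE_IPV4, "168.175.203.52")
HOST1_IP_WRONG_MAC = Frame("00:11:22:33:44:55", ETHERTYPE_IPV4, "168.175.203.52")
UNKNOWN_ARP = Frame("00:11:22:33:44:55", ETHERTYPE_ARP)


def compare(frame: Frame) -> Tuple[str, str]:
    """Action for one frame under the posted policy vs. the match-all default."""
    return evaluate(POLICY_AS_POSTED, frame)[0], evaluate(POLICY_MATCH_ALL, frame)[0]


if __name__ == "__main__":
    samples = [("host1", HOST1),
               ("host1 IP, other MAC", HOST1_IP_WRONG_MAC),
               ("ARP from unknown MAC", UNKNOWN_ARP)]
    for label, fr in samples:
        posted, match_all = compare(fr)
        print(f"{label:22s} posted={posted:6s} match-all={match_all}")
```

The model shows what the IP+MAC pairing buys: a frame carrying host1's IP from another MAC is denied by the default entry under both policies. The difference is only in what the default entry does not see; if the switch reports hits on the `default` counter while unwanted traffic still passes, checking whether that traffic is non-IPv4, or never reaches port 39 at all, narrows the search.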
‎05-24-2018 11:22 AM
I'm still confused why you are using both MAC addresses and IP addresses in this filter.
Does it work if you remove all of the ethernet-source-address lines?
Paul.
‎05-24-2018 11:22 AM
I just want to increase the network security because both IP and MAC could be changed by the user. Not sure whether there is some mistake in my idea.
‎05-24-2018 09:41 AM
Are both devices behind port 39 (with a mini switch)?
‎05-24-2018 09:41 AM
Hi Tim,
As Peter had mentioned, if the traffic between the hosts does not reach the XOS switch and is switched in the device connected to port 39, then the ACL would not work. Is this the case?
