
ACL in EXOS


Tim_Smith1
New Contributor II
Hi expert,
I wrote an ACL and applied it to port 39 to deny all other traffic (only permit 2 hosts), but the deny does not work. Could you please help to check the problem?

host1 ip 168.175.203.52
host1 mac D8:9D:67:F3:B3:2D
host2 ip 168.175.203.53
host2 mac 24:BE:05:E2:14:3B

Entry ipmac-52 {
If {
Source-address 168.175.203.52/32;
ethernet-source-address D8:9D:67:F3:B3:2D;
} then {
Permit;
Count syn;
}
}
Entry ipmac-53 {
If {
Source-address 168.175.203.53/32;
ethernet-source-address 24:BE:05:E2:14:3B;
} then {
Permit;
Count syn;
}
}
Entry ipmac-54 {
If {
Source-address 168.175.203.54/32;
ethernet-source-address 2C:41:38:4F:66:9B;
} then {
Permit;
Count syn;
}
}
Entry ipmac-55 {
If {
Source-address 168.175.203.55/32;
ethernet-source-address 24:BE:05:E2:00:F5;
} then {
Permit;
Count syn;
}
}
Entry ipmac-56 {
If {
Source-address 168.175.203.56/32;
ethernet-source-address 00:19:B9:05:4A:E4;
} then {
Permit;
Count syn;
}
}

Entry default {
If {
source-address 0.0.0.0/0;
} then {
Deny;
Count default;
}
}

configure access-list ipmac-fangfa ports 39 ingress
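
A simplified model of how the policy above is evaluated, as an added example that is not part of the original post and not Extreme's code: entries are tried in file order, every condition inside an entry must match, and the first matching entry decides. The function names are hypothetical, the sample frames in the comments are constructed, and only the two match conditions used in the post are modelled.

```python
import ipaddress
import re

# Two entries and the catch-all from the posted policy (layout normalised).
POLICY = """
entry ipmac-52 { if { source-address 168.175.203.52/32;
  ethernet-source-address D8:9D:67:F3:B3:2D; } then { permit; count syn; } }
entry ipmac-53 { if { source-address 168.175.203.53/32;
  ethernet-source-address 24:BE:05:E2:14:3B; } then { permit; count syn; } }
entry default { if { source-address 0.0.0.0/0; } then { deny; count default; } }
"""

ENTRY_RE = re.compile(
    r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.I | re.S)

def parse_policy(text):
    """Return entries in file order as (name, {condition: value}, action)."""
    entries = []
    for name, cond_body, action_body in ENTRY_RE.findall(text):
        conds = {}
        for stmt in filter(None, (s.strip() for s in cond_body.split(";"))):
            key, value = stmt.split(None, 1)
            conds[key.lower()] = value.strip()
        actions = [s.strip().lower() for s in action_body.split(";") if s.strip()]
        action = next(a for a in actions if a in ("permit", "deny"))
        entries.append((name, conds, action))
    return entries

def entry_matches(conds, src_ip, src_mac):
    """All conditions in one entry must hold (logical AND)."""
    for key, value in conds.items():
        if key == "source-address":
            if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(value):
                return False
        elif key == "ethernet-source-address":
            if src_mac.lower() != value.lower():
                return False
        else:
            raise ValueError(f"condition not modelled: {key}")
    return True

def evaluate(entries, src_ip, src_mac):
    """First matching entry decides; later entries are not consulted."""
    for name, conds, action in entries:
        if entry_matches(conds, src_ip, src_mac):
            return name, action
    return None, None  # no entry matched; that case is not modelled here
```

A frame carrying a listed IP with a different source MAC does not satisfy the IP+MAC entry and falls through to `default`, while a frame from a listed IP/MAC pair stops at its permit entry and never reaches `default`.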
10 REPLIES

Tim_Smith1
New Contributor II
But I deny any in the last entry of the ACL. The traffic from the 2 hosts should be denied at the end of the ACL.

Entry default {
If {
source-address 0.0.0.0/0;
} then {
Deny;
Count default;
}
}

PeterK
Contributor III
read your answer and find the issue... 😉
traffic between 2 hosts on a mini-switch doesn't reach the XOS switch... it's directly switched/forwarded on the access/mini-switch and never reaches the ACL on the XOS switch

Tim_Smith1
New Contributor II
yes, both devices are behind port 39 through an access switch

Tim_Smith1
New Contributor II
Could someone help with this?

Tim_Smith1
New Contributor II
Thanks Paul. But Extreme official support to match all (both MAC and IP), is it correct?