ACL in EXOS
‎05-22-2018 07:07 AM
Hi expert,
I wrote an ACL and applied it to port 39 to deny all other traffic (only permit 2 hosts), but the deny does not work. Could you please help check the problem?
host1 ip 168.175.203.52
host1 mac D8:9D:67:F3:B3:2D
host2 ip 168.175.203.53
host2 mac 24:BE:05:E2:14:3B
entry ipmac-52 {
    if {
        source-address 168.175.203.52/32;
        ethernet-source-address D8:9D:67:F3:B3:2D;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-53 {
    if {
        source-address 168.175.203.53/32;
        ethernet-source-address 24:BE:05:E2:14:3B;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-54 {
    if {
        source-address 168.175.203.54/32;
        ethernet-source-address 2C:41:38:4F:66:9B;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-55 {
    if {
        source-address 168.175.203.55/32;
        ethernet-source-address 24:BE:05:E2:00:F5;
    } then {
        permit;
        count syn;
    }
}
entry ipmac-56 {
    if {
        source-address 168.175.203.56/32;
        ethernet-source-address 00:19:B9:05:4A:E4;
    } then {
        permit;
        count syn;
    }
}
entry default {
    if {
        source-address 0.0.0.0/0;
    } then {
        deny;
        count default;
    }
}
configure access-list ipmac-fangfa ports 39 ingress
10 REPLIES
‎05-24-2018 09:41 AM
But I deny any in the last entry of the ACL. The traffic from the 2 hosts should be denied at the end of the ACL.
entry default {
    if {
        source-address 0.0.0.0/0;
    } then {
        deny;
        count default;
    }
}
‎05-24-2018 09:41 AM
Read your answer and found the issue... 😉
Traffic between the 2 hosts on a mini-switch doesn't reach the XOS switch... it's directly switched/forwarded on the access/mini-switch and never reaches the ACL on the XOS switch.
‎05-24-2018 09:41 AM
Yes, both devices are behind port 39 through an access switch.
‎05-24-2018 01:11 AM
Could someone help with this?
‎05-23-2018 11:25 AM
Thanks Paul. But Extreme officially supports matching on all conditions (both MAC and IP), is that correct?
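To make the lookup semantics behind the original ACL and the last question (matching on both MAC and IP) concrete, here is an added Python model of the ingress lookup; it is example code written for this page, not from the thread or from Extreme, and it assumes first-match-wins, an implicit AND between the conditions of one entry, and an implicit permit for frames that match no entry. It only sees frames that actually ingress port 39, so the host-to-host traffic switched locally on the access switch, as the replies explain, never reaches it.

```python
import re
import ipaddress

# Constructed sample in the thread's policy syntax (two permit entries plus the
# default deny), used as parser input here; it is not a file from the poster.
POLICY = """
entry ipmac-52 {
    if { source-address 168.175.203.52/32; ethernet-source-address D8:9D:67:F3:B3:2D; }
    then { permit; count syn; }
}
entry ipmac-53 {
    if { source-address 168.175.203.53/32; ethernet-source-address 24:BE:05:E2:14:3B; }
    then { permit; count syn; }
}
entry default {
    if { source-address 0.0.0.0/0; } then { deny; count default; }
}
"""

ENTRY_RE = re.compile(r"entry\s+(\S+)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}",
                      re.S | re.I)

def parse_policy(text):
    """Return [(name, {condition: value}, 'permit' | 'deny')] in file order."""
    entries = []
    for name, cond, action in ENTRY_RE.findall(text):
        conds = {}
        for stmt in filter(None, (s.strip() for s in cond.split(";"))):
            key, value = stmt.split(None, 1)
            conds[key.lower()] = value.strip()
        verdict = "permit" if re.search(r"\bpermit\b", action, re.I) else "deny"
        entries.append((name, conds, verdict))
    return entries

def evaluate(entries, src_ip, src_mac):
    """Ingress lookup model: entries are tried in order, all conditions inside one
    entry must match (implicit AND), first match wins. Assumption: a frame that
    matches no entry is forwarded, hence the explicit 'default' deny entry."""
    for name, conds, verdict in entries:
        hit = True
        if "source-address" in conds:
            net = ipaddress.ip_network(conds["source-address"], strict=False)
            hit = hit and ipaddress.ip_address(src_ip) in net
        if "ethernet-source-address" in conds:
            hit = hit and src_mac.upper() == conds["ethernet-source-address"].upper()
        if hit:
            return name, verdict
    return None, "permit"
```

A frame with host1's IP but a different source MAC falls through both permit entries and is denied by `default`, which is the "match all conditions" behaviour the last reply asks about.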
