This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

ACL policy to restrict telnet is not working as desirable

ACL policy to restrict telnet is not working as desirable

Francisco_LeitĆ£
New Contributor

ā€Ž05-03-2018 03:09 PM

I'm new using extreme switches. I have configured the following ACL policy to allow only the networks listed in the policy to connect by telnet to the switch model X480-24X, running ExtremeXOS version 15.6.4.2, however only the host with IP address 200.20.76.42 is connecting the others are being rejected.
Has anyone ever faced this problem?

Entry AllowTheseSubnets {
if match any{
source-address 200.20.76.42 /32;
source-address 187.111.111.5 /32;
source-address 200.20.66.176 /27;
}
then
{
permit ;
}
}

Tks in advance

0 Kudos
6 REPLIES 6

Joe_Sheldon_
New Contributor

ā€Ž05-03-2018 04:14 PM

The policy I use without issue is similar to:

Switch1.4 # sh policy telnet
Policies at Policy Server:
Policy: telnet
entry telnet {
if match any {
source-address 12.34.56.78/32 ;
source-address 12.34.56.79/32 ;
source-address 12.34.56.80/32 ;
source-address 12.34.56.81/32 ;
source-address 12.34.56.82/32 ;
source-address 12.34.54.0/24 ;
source-address 12.34.55.0/24 ;
}
then {
permit ;
}
}

0 Kudos

StephenW
Extreme Employee

ā€Ž05-03-2018 03:22 PM

Make one entry per source address.

Entry AllowTheseSubnets1 {
if match any{
source-address 200.20.76.42 /32;
}
then{
permit ;
}}

Entry AllowTheseSubnets2 {
if match any{
source-address 187.111.111.5 /32;
}
then{
permit ;
}}

Entry AllowTheseSubnets3 {
if match any{
source-address 200.20.66.176 /27;
}
then{
permit ;
}}

0 Kudos
GTM-P2G8KFN