ACL redirect-port

Alexandr_P
Valued Contributor
Hello, colleagues!

I have a LAG, for example ports 10-14:
#enable sharing 10 grouping 10-14 algorithm address-based L3
I have an ACL:
entry ACL {
    if {
    } then {
        redirect-port 10;
    }
}
#configure access-list ACL ports 1-4 ingress

As I understand it, traffic should go not only to port 10, but exit from ports 10-14 based on the address-based L3 algorithm.
Am I right?
Are there any conditions for this ACL? (same VLAN on ingress and redirect ports, something else)

The main problem is that I can see traffic coming to the ingress ports (1-4) - the counters are growing.
But I can't see traffic on the egress ports (10-14).

Any ideas or advice?

Thank you!
13 REPLIES

PARTHIBAN_CHINN
Contributor
The information below is from the concepts guide.
• Using the “redirect-port” action overrides Layer 2 echo kill; the result is that a packet can be made to egress the ingress port at Layer 2.
It seems to me like Layer 2 traffic.

PARTHIBAN_CHINN
Contributor
Is the traffic ingressing on a specific VLAN?
And is the egress LAG on the same VLAN?

Alexandr_P
Valued Contributor
I don't need redirect-port-no-sharing (I don't need to redirect traffic to one of the LAG ports; traffic has to be redirected to all LAG ports).
The main task is to balance traffic in the LAG (on an L3 condition).

The concepts guide says that the redirect-port condition has to be not to the LAG port, but to one of the LAG ports.

I have traffic that comes to ports 1-4 (it can be a LAG or 4 different ports) and this traffic has to go to the LAG port (10-14), also balanced on L3 conditions.

I see that traffic is coming to ports 1-4, but I don't see redirected traffic on ports 10-14.

PARTHIBAN_CHINN
Contributor
Yes, this should work. What is the EXOS version?

There is also another feature:

This feature allows you to apply an ACL that causes matching packets to egress a specific port in a link aggregation (or load-sharing) group.
Note: This feature applies only to BlackDiamond 8000 series modules and Summit family switches.
The following ACL action is added in support of this feature:
redirect-port-no-sharing
The ACL overrides any load-sharing algorithm hash that is generated based on the lookup results.
Limitations include the following:
• If the selected port in a load-sharing group is down, the packets will be dropped.
• Like the redirect-port action, the specified port must be a member of the egress VLAN.
Following is an example of a configuration and ACL policy that directs traffic matching 10.66.4.10 to LAG port 3:
enable sharing 2 group 2,3
radiomgmt.pol:
entry one {
    if {
        destination-address 10.66.4.10/32;
    } then {
        redirect-port-no-sharing 3;
    }
}
config access-list radiomgmt any
[ExtremeXOS 15.6 User Guide, ACLs, p. 753]
This example would direct inband management traffic to specific radios connected to specific ports within a load-sharing group.

Note: Use of the ACL redirect-port-no-sharing port action overrides any load-sharing algorithm hash that is generated based on the lookup results. For more information on this action, see LAG Port Selection on page 753.
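
Added example (not part of the thread and not Extreme's code): a small Python check of the two limitations quoted from the guide above, that the redirect port must be a member of the egress VLAN and that redirect-port-no-sharing drops packets when the selected port is down. The policy text, VLAN membership and link states are constructed sample data, and `parse_redirects` / `check_redirects` are hypothetical helper names.

```python
import re

# One policy entry: entry <name> { if { <match> } then { <actions> } }
ENTRY_RE = re.compile(
    r"entry\s+(\S+?)\s*\{\s*if\s*\{(.*?)\}\s*then\s*\{(.*?)\}\s*\}", re.S)
ACTION_RE = re.compile(r"\b(redirect-port(?:-no-sharing)?)\s+(\S+?)\s*;")

def parse_redirects(policy_text):
    """Return (entry, action, port) for every redirect action in the policy."""
    found = []
    for name, _match, actions in ENTRY_RE.findall(policy_text):
        for action, port in ACTION_RE.findall(actions):
            found.append((name, action, port))
    return found

def check_redirects(policy_text, egress_vlan_ports, link_up):
    """Flag redirect targets that hit the limitations quoted from the guide.

    egress_vlan_ports: set of ports that are members of the egress VLAN
    link_up: dict of port -> bool (current link state)
    """
    problems = []
    for name, action, port in parse_redirects(policy_text):
        if port not in egress_vlan_ports:
            problems.append((name, port, "not a member of the egress VLAN"))
        if action == "redirect-port-no-sharing" and not link_up.get(port, False):
            problems.append((name, port, "selected LAG port is down: packets dropped"))
    return problems

# Constructed sample input (assumption, not taken from a real switch).
SAMPLE_POLICY = """
entry to_lag {
  if { destination-address 10.66.4.0/24; } then { redirect-port 10; }
}
entry one {
  if { destination-address 10.66.4.10/32; } then { redirect-port-no-sharing 3; }
}
"""
SAMPLE_VLAN_PORTS = {"2", "3"}                        # egress VLAN members
SAMPLE_LINK_UP = {"2": True, "3": False, "10": True}  # port 3 is down

if __name__ == "__main__":
    for entry, port, reason in check_redirects(
            SAMPLE_POLICY, SAMPLE_VLAN_PORTS, SAMPLE_LINK_UP):
        print(f"entry {entry}: port {port}: {reason}")
```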