ACL to EXOS and EIGRP Newbie

martinj
New Contributor
Hello,
I'm converting a Cisco 2911 router to an Extreme 440-24t. I've never created an access list or even worked with one. The router currently has the following. I also don't know what to do with the EIGRP, or whether I need to convert that as well.

router eigrp 99
network 10.76.0.0 0.0.0.255
network 10.76.22.0 0.0.0.255
network 172.16.0.0
network 192.168.22.0
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
!
access-list 50 permit 192.168.0.0 0.0.255.255
access-list 50 permit 10.76.0.0 0.0.0.255
access-list 101 deny ip any 172.16.0.0 0.0.255.255
access-list 101 permit ip any any
access-list 102 permit ip any 172.16.0.0 0.0.255.255
access-list 102 permit ip any 10.243.4.0 0.0.1.255

FredrikB
Contributor II
Ok, two things. If this is indeed an old X440-24t (not a G2 version), you're stuck on old EXOS 16, but you will be fine with one of the latest EXOS 16 releases. Secondly, I think you need to figure out what the old router did if you're going to copy its settings. If you cannot do that (well, in any case) you need to understand the solution, otherwise you're only guessing.

If none of the VLANs are supposed to have Internet access, is there another VLAN that is supposed to have that?

Was Cisco EIGRP routing protocol used at all in the Cisco? You should see that with "show eigrp 99 neighbors". If none are listed, you probably don't even use EIGRP. Even if EIGRP is used, very often in simple implementations, the routing protocol more or less only establishes a default route to the outside world. If this is the case for you, you can replace EIGRP with a simple static route to the next-hop router (default gateway).

/Fredrik

martinj
New Contributor
I'm not really sure about the ACLs, and I've never set up a switch. I've got 2 VLANs (admin) and (controls); it goes directly to a RAD provided by CenturyLink. We originally had a Cisco router and a Cisco switch, but we want to put in this X440 in place of those two. I'm only trying to mirror what we had in the router, and I wasn't part of the original setup, so I'm not sure what the ACLs are for. We want the admin VLAN and the controls VLAN to not have internet. Not sure if that makes sense or not.

FredrikB
Contributor II
I don't think Extreme supports EIGRP and will probably never do so.

https://community.extremenetworks.com/extremeswitching-exos-223284/eigrp-7497233

Use standards like OSPF, ISIS or BGP for routing.

Where do you plan to use the ACLs, on interfaces, VLANs, for route export, CPU protection or something else?

You can either edit a policy file that you create for a policy (ACL) or create a dynamic ACL. I think you can only have one match in a dynamic ACL, so you can do this:

create access-list ACLv101a "source-address 172.16.0.0/16" "deny"
create access-list ACLv101b "source-address 0.0.0.0/0" "permit"
# the rule names in "add" must match the names used in "create", and the
# ordering keyword (first / after <rule>) comes before the vlan argument
configure access-list add ACLv101a first vlan v101-engineering
configure access-list add ACLv101b after ACLv101a vlan v101-engineering

or you can create a policy file:

edit policy ACLv101 (starts up a "vi" like editor, nasty, but that's how it's done)

i (for entering edit mode in vi, then type the following)

entry v101-deny {
if {
source-address 172.16.0.0/16;
} then {
deny;
}
}

entry v101-permit {
if {
} then {
permit;
}
}

(now, press Esc and then ZZ, that is capital Z twice, for saving and exiting)

Apply the ACL to a VLAN (if that's what you intend):

configure access-list ACLv101 vlan v101-engineering

/Fredrik
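The policy-file form above translates one Cisco line by hand. As an added example that is not part of the thread (my code, not Fredrik's and not anything from Extreme), here is a small Python converter for the kinds of lines in martinj's posted config. It turns Cisco wildcard masks into CIDR prefixes, keeps the source/destination distinction (a standard ACL such as 50 matches the source address, while an extended line like `deny ip any 172.16.0.0 0.0.255.255` matches the destination, so a faithful translation uses destination-address), and appends the implicit deny that every Cisco ACL ends with, which an EXOS policy does not have: a packet matching no entry is forwarded. The entry names (aclN_i), the policy names ACL50/ACL101/ACL102 and the deliberately narrow grammar it accepts are my assumptions; it raises on any line it does not understand rather than silently dropping a rule.

```python
"""Cisco numbered ACL -> EXOS policy-file converter (added example, not from the thread).

Assumptions (mine, not the thread's): only these line shapes are accepted,
  access-list N permit|deny <src>             standard (N <= 99 or 1300-1999)
  access-list N permit|deny ip <src> <dst>    extended, protocol "ip" only
where <src>/<dst> is  any | host A.B.C.D | A.B.C.D W.W.W.W  (a bare address in
a standard ACL is a host match). Entry/policy names are chosen here.
"""
import ipaddress
import re
from collections import OrderedDict

_DOTTED = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def wildcard_to_network(addr, wildcard):
    """Cisco 'address wildcard' -> IPv4Network.
    Wildcard 1-bits are don't-care bits, so the netmask is the inverse.
    ipaddress can parse hostmasks, but it reads 0.0.0.0 as a /0 netmask
    instead of the /32 Cisco means, so invert explicitly. Non-contiguous
    wildcards (e.g. 0.0.255.0) have no CIDR equivalent and are rejected."""
    wc = int(ipaddress.IPv4Address(wildcard))
    mask = wc ^ 0xFFFFFFFF
    prefix = bin(mask).count("1")
    if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard {wildcard}; expand it by hand")
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def _take_address(tokens, standard):
    """Consume one address spec -> (IPv4Network or None, remaining tokens).
    None stands for 'any'."""
    if not tokens:
        raise ValueError("missing address specification")
    head = tokens[0]
    if head == "any":
        return None, tokens[1:]
    if head == "host":
        return ipaddress.IPv4Network(tokens[1] + "/32"), tokens[2:]
    if len(tokens) >= 2 and _DOTTED.fullmatch(tokens[1]):
        return wildcard_to_network(head, tokens[1]), tokens[2:]
    if standard:  # bare address in a standard ACL means a single host
        return ipaddress.IPv4Network(head + "/32"), tokens[1:]
    raise ValueError(f"cannot parse address spec at {head!r}")


def parse_line(line):
    """'access-list ...' -> (number, action, src_net|None, dst_net|None).
    Other protocols, port operators, 'log', remarks etc. raise so that no
    rule is silently lost during the migration."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action = int(tokens[1]), tokens[2]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action {action!r} in {line!r}")
    rest = tokens[3:]
    if number <= 99 or 1300 <= number <= 1999:      # standard: source only
        src, rest = _take_address(rest, standard=True)
        dst = None
    else:                                           # extended: src and dst
        if rest[0] != "ip":
            raise NotImplementedError(f"protocol {rest[0]!r} not handled: {line!r}")
        src, rest = _take_address(rest[1:], standard=False)
        dst, rest = _take_address(rest, standard=False)
    if rest:
        raise NotImplementedError(f"unhandled options {rest} in {line!r}")
    return number, action, src, dst


def to_exos_policy(acl_lines):
    """Group lines by ACL number and render one EXOS policy body per ACL.
    A Cisco ACL ends in an implicit deny; an EXOS policy forwards whatever
    no entry matches, so a catch-all deny entry is appended unless the last
    line already matches everything (e.g. 'permit ip any any')."""
    acls = OrderedDict()
    for line in acl_lines:
        number, action, src, dst = parse_line(line)
        acls.setdefault(number, []).append((action, src, dst))
    policies = {}
    for number, entries in acls.items():
        out = []
        for i, (action, src, dst) in enumerate(entries, 1):
            out += [f"entry acl{number}_{i} {{", "if {"]
            if src is not None:
                out.append(f"    source-address {src};")
            if dst is not None:
                out.append(f"    destination-address {dst};")
            out += ["} then {", f"    {action};", "}", "}"]
        _, last_src, last_dst = entries[-1]
        if last_src is not None or last_dst is not None:
            out += [f"entry acl{number}_implicit_deny {{", "if {",
                    "} then {", "    deny;", "}", "}"]
        policies[f"ACL{number}"] = "\n".join(out) + "\n"
    return policies


# Constructed input: the access-list lines from the router config posted above.
CISCO_ACLS = [
    "access-list 50 permit 192.168.0.0 0.0.255.255",
    "access-list 50 permit 10.76.0.0 0.0.0.255",
    "access-list 101 deny ip any 172.16.0.0 0.0.255.255",
    "access-list 101 permit ip any any",
    "access-list 102 permit ip any 172.16.0.0 0.0.255.255",
    "access-list 102 permit ip any 10.243.4.0 0.0.1.255",
]

if __name__ == "__main__":
    for name, body in to_exos_policy(CISCO_ACLS).items():
        print(f"# edit policy {name}")
        print(body)
```

Paste each rendered body into `edit policy <name>`, run `check policy <name>` to have the switch parse it, and only then bind it with `configure access-list <name> vlan <vlan>`. The converter settles syntax, not intent: which VLAN or port each policy belongs on, and in which direction, still has to come from understanding what the old router was doing, as Fredrik says.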