This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Basic Policy Based ACL

Basic Policy Based ACL

Mark_Lamond
New Contributor III

‎04-24-2017 01:17 PM

Hi there,
Can anyone explain to my why this basic ACL policy does not work?
This is using XOS 22.2.15 on an X450-G2.

I want to emulate Cisco behaviour of permitting what I want with an deny at the bottom.

# Permit
entry 1.1 { if { source-address 192.168.132.0/26; destination-address 192.168.249.202/32;} then { permit; count Permit;}}

# Deny Everything Else
entry 2.1 { if {} then { deny; count Deny;}}

The access list is applied to a VLAN as follows:

configure access-list Test vlan "Data" ingress

It seems to drop all packets, I thought policies were supposed to process top down with packets until they get a match?

Thanks,
Mark

0 Kudos
14 REPLIES 14

Erik_Auerswald
Contributor II

‎04-25-2017 07:22 AM

Hi Mark,

if you need to convert Cisco(-like) ACLs to EXOS you can try the IOS to EXOS ACL Convert Perl script. Simple IPv4 ACLs can be converted with E2X as well.

Thanks,
Erik
0 Kudos

Erik_Auerswald
Contributor II
In response to Erik_Auerswald

‎04-25-2017 07:22 AM

Great that it works!

Thanks,
Erik
0 Kudos

Nick_Yakimenko
New Contributor II
In response to Erik_Auerswald

‎04-25-2017 07:22 AM

thank you very much for the solution!
That was my typo:
I applied the policy like this
configure bgp neighbor 2001:db8::1 route-policy in allv6-in
and (again!) forgot about address-family ipv6-unicast
now it works as expected
0 Kudos

Erik_Auerswald
Contributor II
In response to Erik_Auerswald

‎04-25-2017 07:22 AM

Thanks for testing. Sorry that it did not work. 
0 Kudos
GTM-P2G8KFN