convert cisco acl in to extreme summit X440


zain_mallick
New Contributor
access-list 10 permit 172.16.66.246
access-list 10 permit 172.16.66.241
access-list 10 permit 172.16.72.110
access-list 10 permit 172.16.72.84
access-list 10 permit 172.168.202.100
access-list 10 permit 172.16.72.17

This is Cisco code and I want this code for the Extreme X440... please guide me and give me the code in detail.

19 REPLIES

Thanks, Erik.
Do I need to download the IOStoEXOSACL converter script?

Hi,

using the IOStoEXOSACL converter script I get:
create access-list DEV-01-ACL_1 "source-address 10.8.2.0 mask 255.255.255.0; destination-address 10.8.220.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_2 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.2.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_3 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.5.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_4 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.7.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_5 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.0.0 mask 255.255.240.0;" "deny;"
create access-list DEV-01-ACL_6 " " "permit; log;"

You would then need to configure all 6 dynamic ACLs to apply to the ports / vlan.

HTH,
Erik

Hi Matthew

I know this is an old post. I came across it while doing something similar,
converting an IOS access list to an EXOS ACL,
and I have been stuck for many days now.
Can you please help me? I want to convert the access list configuration below using dynamic ACLs; how can I do it? Please find the access list below.

interface Vlan221
description DEV-01
ip address 10.8.221.1 255.255.255.0
ip access-group DEV-01-ACL in
ip access-group DEV-01-ACL out
no ip redirects
no ip proxy-arp
ip wccp web-cache redirect in
ip flow ingress
ip route-cache policy
logging event link-status
load-interval 30
snmp ifindex persist
arp timeout 20
hold-queue 100 out
!

!
ip access-list extended DEV-01-ACL
permit ip 10.8.2.0 0.0.0.255 10.8.220.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.2.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.5.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.7.0 0.0.0.255
deny ip 10.8.221.0 0.0.0.255 10.8.0.0 0.0.15.255
permit ip any any log

Hi Matthew,

where can I find that ACL converter version? The code at GitHub does not support creation of dynamic EXOS ACLs.

Thanks,
Erik

If it helps, you might also consider using "dynamic ACLs" instead of policy file based ACLs. The latest converter does both (using the -d flag):

$ perl aclconverter_0_19.pl simple.acl -d

create access-list acl_10_1 "source-address 172.16.66.246/32;" "permit;"

create access-list acl_10_2 "source-address 172.16.66.241/32;" "permit;"

create access-list acl_10_3 "source-address 172.16.72.110/32;" "permit;"

create access-list acl_10_4 "source-address 172.16.72.84/32;" "permit;"

create access-list acl_10_5 "source-address 172.168.202.100/32;" "permit;"

create access-list acl_10_6 "source-address 172.16.72.17/32;" "permit;"

And as mentioned above you would have to add either an egress deny all statement, or an ingress deny all statement:

create access-list indenyall " " "deny"

create access-list outdenyall "source-address 0.0.0.0/0" "deny"

Dynamic ACLs are closer to IOS ACLs in that they are in the config and need to be applied to a port, VLAN, etc. For example using the ACL lines above:

configure access-list add acl_10_1 last ports 1 ingress

configure access-list add acl_10_2 last ports 1 ingress

configure access-list add acl_10_3 last ports 1 ingress

configure access-list add acl_10_4 last ports 1 ingress

configure access-list add acl_10_5 last ports 1 ingress

configure access-list add acl_10_6 last ports 1 ingress

configure access-list add indenyall last port 1 ingress
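
Added example, not part of the thread and not the aclconverter script: a Python converter for the two IOS ACL styles posted above, emitting dynamic ACL lines in the format shown in the replies, rejecting wildcard masks that have no prefix equivalent, and making the IOS implicit deny explicit. Assumptions: only `ip` entries are handled, the `_denyall` rule names and the `ports` parameter are made up here, and one ACL is converted per call because every rule is bound to the same ports on ingress.

```python
import ipaddress

def wildcard_to_prefix(addr, wildcard):
    """Cisco wildcard mask -> CIDR; refuse masks that are not contiguous."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):                  # a convertible wildcard is 0...01...1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return str(ipaddress.ip_network(f"{addr}/{32 - inv.bit_length()}", strict=False))

def take_addr(tok, keyword):
    """Consume 'any' | 'host A' | 'A WILDCARD' | bare 'A'; return an EXOS match."""
    first = tok.pop(0)
    if first == "any":
        return ""
    if first != "host" and tok and tok[0][0].isdigit():
        return f"{keyword} {wildcard_to_prefix(first, tok.pop(0))};"
    return f"{keyword} {tok.pop(0) if first == 'host' else first}/32;"

def convert(ios_text, ports="1"):  # IOS ACL text -> EXOS dynamic ACL CLI lines
    create, apply, counts, name, ext = [], [], {}, None, False
    for line in ios_text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"]:          # named ACL header
            ext, name = tok[2] == "extended", tok[3]
            continue
        if tok[:1] == ["access-list"]:                # numbered ACL entry
            num, tok = int(tok[1]), tok[2:]
            ext, name = 100 <= num <= 199 or 2000 <= num <= 2699, f"acl_{num}"
        if name is None or not tok or tok[0] not in ("permit", "deny"):
            continue                                  # interface lines, comments
        action = tok.pop(0)
        if ext and tok.pop(0) != "ip":
            raise ValueError(f"only 'ip' entries are handled: {line.strip()}")
        match = take_addr(tok, "source-address")
        if ext:
            match = f"{match} {take_addr(tok, 'destination-address')}".strip()
        counts[name] = n = counts.get(name, 0) + 1
        act = f"{action};" + (" log;" if "log" in tok else "")
        create.append(f'create access-list {name}_{n} "{match or " "}" "{act}"')
        apply.append(f"configure access-list add {name}_{n} last ports {ports} ingress")
    for acl in counts:    # IOS ends each ACL with an implicit deny; make it explicit
        create.append(f'create access-list {acl}_denyall " " "deny;"')
        apply.append(f"configure access-list add {acl}_denyall last ports {ports} ingress")
    return create + apply

if __name__ == "__main__":  # sample: part of the DEV-01-ACL posted in this thread
    print("\n".join(convert("ip access-list extended DEV-01-ACL\n"
                            " deny ip 10.8.221.0 0.0.0.255 10.8.0.0 0.0.15.255\n"
                            " permit ip any any log")))
```

The explicit wildcard check matters because Python's `ipaddress` would read a wildcard of `0.0.0.0` as a /0 netmask rather than a host match, which would silently widen the rule.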
