Convert Cisco ACL into Extreme Summit X440
‎04-19-2016 02:46 AM
access-list 10 permit 172.16.66.246
access-list 10 permit 172.16.66.241
access-list 10 permit 172.16.72.110
access-list 10 permit 172.16.72.84
access-list 10 permit 172.168.202.100
access-list 10 permit 172.16.72.17
This is Cisco code and I want this code for the Extreme X440. Please guide me and give me the code in detail.
19 REPLIES
‎04-19-2016 07:48 AM
Thanks Erik
Do I need to download the IOStoEXOSACL converter script?
‎04-19-2016 07:48 AM
Hi,
using the IOStoEXOSACL converter script I get:
create access-list DEV-01-ACL_1 "source-address 10.8.2.0 mask 255.255.255.0; destination-address 10.8.220.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_2 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.2.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_3 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.5.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_4 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.7.0 mask 255.255.255.0;" "permit;"
create access-list DEV-01-ACL_5 "source-address 10.8.221.0 mask 255.255.255.0; destination-address 10.8.0.0 mask 255.255.240.0;" "deny;"
create access-list DEV-01-ACL_6 " " "permit; log;"
You would then need to configure all 6 dynamic ACLs to apply to the ports / VLAN.
HTH,
Erik
‎04-19-2016 07:48 AM
Hi Matthew
I know this is an old post; I came across it and am doing something similar,
converting an IOS access list to an EXOS ACL,
and I have been stuck for many days now.
Can you please help me? I want to convert the access list configuration below using dynamic ACLs. How can I do it? Please find the access list below.
interface Vlan221
description DEV-01
ip address 10.8.221.1 255.255.255.0
ip access-group DEV-01-ACL in
ip access-group DEV-01-ACL out
no ip redirects
no ip proxy-arp
ip wccp web-cache redirect in
ip flow ingress
ip route-cache policy
logging event link-status
load-interval 30
snmp ifindex persist
arp timeout 20
hold-queue 100 out
!
!
ip access-list extended DEV-01-ACL
permit ip 10.8.2.0 0.0.0.255 10.8.220.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.2.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.5.0 0.0.0.255
permit ip 10.8.221.0 0.0.0.255 10.8.7.0 0.0.0.255
deny ip 10.8.221.0 0.0.0.255 10.8.0.0 0.0.15.255
permit ip any any log
‎04-19-2016 07:48 AM
Hi Matthew,
where can I find that ACL converter version? The code at GitHub does not support creation of dynamic EXOS ACLs.
Thanks,
Erik
‎04-19-2016 07:48 AM
If it helps, you might also consider using "dynamic ACLs" instead of policy file based ACLs. The latest converter does both (using the -d flag):
$ perl aclconverter_0_19.pl simple.acl -d
create access-list acl_10_1 "source-address 172.16.66.246/32;" "permit;"
create access-list acl_10_2 "source-address 172.16.66.241/32;" "permit;"
create access-list acl_10_3 "source-address 172.16.72.110/32;" "permit;"
create access-list acl_10_4 "source-address 172.16.72.84/32;" "permit;"
create access-list acl_10_5 "source-address 172.168.202.100/32;" "permit;"
create access-list acl_10_6 "source-address 172.16.72.17/32;" "permit;"
And as mentioned above you would have to add either an egress deny all statement, or an ingress deny all statement:
create access-list indenyall " " "deny"
create access-list outdenyall "source-address 0.0.0.0/0" "deny"
Dynamic ACLs are closer to IOS ACLs in that they are in the config and need to be applied to a port, VLAN, etc. For example using the ACL lines above:
configure access-list add acl_10_1 last ports 1 ingress
configure access-list add acl_10_2 last ports 1 ingress
configure access-list add acl_10_3 last ports 1 ingress
configure access-list add acl_10_4 last ports 1 ingress
configure access-list add acl_10_5 last ports 1 ingress
configure access-list add acl_10_6 last ports 1 ingress
configure access-list add indenyall last port 1 ingress
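Added example, not part of any post in this thread and not the IOStoEXOSACL converter's code: a small Python translation of the two IOS ACL shapes quoted above (numbered standard entries and `permit|deny ip` extended entries) into the dynamic-ACL commands shown in the replies, including the explicit deny entry when the IOS list does not already end in a match-all rule. The function names and the `_denyall` rule suffix are hypothetical; the output syntax is copied from the converter output quoted in the thread, and only protocol `ip` with contiguous wildcard masks is handled.

```python
import ipaddress
import re

ADDR = re.compile(r"\d+(\.\d+){3}")

def wildcard_to_prefix(wildcard):
    """Convert an IOS wildcard mask such as 0.0.15.255 to a prefix length."""
    netmask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(netmask).count("1")
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:  # ones, then zeros only
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return prefix

def take_address(tokens):
    """Consume one IOS address spec; return CIDR text, or None for 'any'."""
    word = tokens.pop(0)
    if word in ("any", "host"):
        return None if word == "any" else tokens.pop(0) + "/32"
    if tokens and ADDR.fullmatch(tokens[0]):      # address followed by a wildcard
        return f"{word}/{wildcard_to_prefix(tokens.pop(0))}"
    return word + "/32"                           # bare address = single host

def convert(ios_lines, name, port):
    """Return EXOS dynamic-ACL create commands followed by the apply commands."""
    creates, applies, catch_all = [], [], False
    for line in ios_lines:
        tokens = line.split()
        if tokens[:1] == ["access-list"]:         # numbered ACL: drop "access-list <n>"
            tokens = tokens[2:]
        if not tokens or tokens[0] not in ("permit", "deny"):
            continue                              # "!", interface lines, ACL header
        action = tokens.pop(0)
        extended = tokens[0] not in ("any", "host") and not ADDR.fullmatch(tokens[0])
        if extended and tokens.pop(0) != "ip":
            raise ValueError(f"only protocol 'ip' is handled here: {line}")
        fields = ["source-address", "destination-address"][: 2 if extended else 1]
        match = [f"{f} {a};" for f in fields if (a := take_address(tokens))]
        catch_all = not match                     # last rule seen matches everything?
        rule = f"{name}_{len(creates) + 1}"
        actions = action + ("; log;" if "log" in tokens else ";")
        creates.append(f'create access-list {rule} "{" ".join(match) or " "}" "{actions}"')
        applies.append(f"configure access-list add {rule} last ports {port} ingress")
    if not catch_all:                             # make the IOS implicit deny explicit
        creates.append(f'create access-list {name}_denyall " " "deny"')
        applies.append(f"configure access-list add {name}_denyall last ports {port} ingress")
    return creates + applies

if __name__ == "__main__":  # one entry from the thread's access-list 10
    print("\n".join(convert(["access-list 10 permit 172.16.66.246"], "acl_10", 1)))
```

Review the generated rules against the original list before applying them: the rules are evaluated in the order they are added, so the deny entry has to stay last.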
