Create ACL
‎01-07-2014 09:59 PM
Create Date: Mar 11 2013 7:43PM
How do I create an ACL to limit access on a port to a predefined list of IPs?
Thanks (from Vince_MacNeil)
‎01-07-2014 09:59 PM
Create Date: Mar 12 2013 10:21PM
Screenplay is free. All you need to do is run the command "enable web http" in the switch and then in your internet browser type the IP address of the switch. It will take you to the GUI of the switch. (from ethernet)
‎01-07-2014 09:59 PM
Create Date: Mar 12 2013 1:51PM
Policy Manager (wizard tool) is free. Not sure about Screenplay, never worked with that. (from Ansley_Barnes)
‎01-07-2014 09:59 PM
Create Date: Mar 12 2013 1:46PM
Have you heard of XOS Screen Play? I found some info on Extreme's site. It is a GUI-based config tool. I'm not sure if it's free. Is the policy wizard a free tool?
Thanks (from Vince_MacNeil)
‎01-07-2014 09:59 PM
Create Date: Mar 12 2013 1:37PM
If you have more than one IP to allow, the standard policy ACLs are probably cleaner and easier to maintain. They're not difficult to set up. I use the command line editor via SSH to do my policy file editing (it's a built-in version of vi).
1. edit policy ip-restriction
2. hit "i" to enter interactive mode, then paste the rule
3. hit esc, then type ZZ to save and quit the editor (like I said, it's vi, so editor commands are the same)
3a. [Optional, but recommended] check policy ip-restriction
4. configure access-list ip-restriction ports 1:5
Done. You can type "ls" into the main CLI to see all the policy files you have saved on the switch (it's a stripped-down, busybox-type Linux shell). You can also transfer files to the switch via TFTP or SFTP if you're more comfortable with that. I'm sure Ridgeline has something similar as well, and it's free for up to 10 switches; I just don't currently use it. Extreme Networks Policy Manager has a great wizard interface for constructing, editing, and exploring policy files, and can save them to a switch via TFTP when they're done. It's pretty simple, just a different workflow from Cisco/Juniper.
I'm not aware of a place to find many examples of these ACLs, but they're fairly straightforward. If you need a quick reference on what attributes you can match in a policy file, you can, from the CLI, type:
check policy attribute
then hit Tab for a complete list. Type in any of the attributes to get a description. (from Ansley_Barnes)
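The rule pasted in step 2 is not shown in the thread. As an added example (not part of the original posts and not Extreme Networks' code), this Python script generates an `ip-restriction` policy from an allow-list; the sample addresses and the entry names `allow_N` and `deny_rest` are constructed. It ends with an explicit deny entry because ExtremeXOS permits packets that match no ACL entry.

```python
import ipaddress

# Constructed sample allow-list (documentation address ranges).
SAMPLE_ALLOWED = ["192.0.2.10", "192.0.2.20/32", "198.51.100.0/24", "198.51.100.7"]

# One ExtremeXOS policy entry: match on source address, then permit or deny.
ENTRY = """entry {name} {{
    if {{
        source-address {net} ;
    }} then {{
        {action} ;
    }}
}}
"""

def build_policy(allowed):
    """Return ExtremeXOS ACL policy text that permits only the listed IPv4 sources."""
    nets = []
    for item in allowed:
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.5/24
        net = ipaddress.ip_network(item.strip(), strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {item}")
        if net.prefixlen == 0:
            raise ValueError("0.0.0.0/0 in the allow-list would permit everything")
        nets.append(net)
    if not nets:
        raise ValueError("empty allow-list would block all IPv4 traffic on the port")
    # Drop duplicates and merge overlapping or adjacent prefixes.
    nets = list(ipaddress.collapse_addresses(nets))
    # Entries are evaluated top to bottom, so the permits come first.
    entries = [ENTRY.format(name=f"allow_{i}", net=net, action="permit")
               for i, net in enumerate(nets, 1)]
    # Explicit catch-all deny: traffic matching no entry is otherwise permitted.
    entries.append(ENTRY.format(name="deny_rest", net="0.0.0.0/0", action="deny"))
    return "\n".join(entries)

if __name__ == "__main__":
    print(build_policy(SAMPLE_ALLOWED))
```

Paste the output into the editor at step 2 (or transfer it as `ip-restriction.pol`), then run `check policy ip-restriction` before applying it to the ports.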
