Extreme Networks

Create Date: Mar 11 2013 11:34PM

Ansley is right about looking in the concepts guide always a great place to look.

a few things to note is that everything in the "if" section of the acl is an "and" and not an "or". Meaning if you put a number of items like IP and protocol port both have to match or it will not hit the ACL.

i would also add a counter statement in the "then" part so you make sure if counters are being hit. You can create the ACLs in notepad and transfer them to the switch using the TFTP command. Then do a check policy on it to make sure everything is set correctly.

you can apply the ACL to either a port or VLAN. If you apply it to the port you can only have one policy per port. If you do it per VLAN you can have more than one on a port if a port is in more than one VLAN.

hope that helps.
p (from Paul_Russo)

Create Date: Mar 11 2013 9:17PM

This is pretty easy - I recommend downloading the XOS concepts guide and command reference for the version you're using as a reference for how these work, but an ACL for this purpose would look something like this:

entry restrict-to-these-IPs {
if {
destination-address x.x.x.x/q;
destination-address y.y.y.y/z;
...
} then {
permit;
}

entry default-deny {
if {
destination-address 0.0.0.0/0;
} then {
deny;
}

Save on your switch and apply to a port/VLAN combo.

There's a free program called Extreme Networks Policy Manager that works very well for constructing these, I believe it's still available on the Extreme site. (from Ansley_Barnes)