This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Dynamic ACL - multiple source-address in single statement?

Dynamic ACL - multiple source-address in single statement?

djs86
New Contributor

‎10-17-2023 03:25 AM

I can create a simple ACL like below:

create access-list Mgmt-Access "source-address 192.168.40.0/24;" "permit;"

configure ssh2 access-profile add Mgmt-Access first

But how do I add another address range to this acl? Do I need to do:

create access-list Mgmt-Access2 "source-address 192.168.50.0/24;" "permit;"

configure ssh2 access-profile add Mgmt-Access2 after Mgmt-Access

A bit messy and was hoping to combine all my ranges in a single ACL. Is this possible?

This below makes it sound like you can:

create access-list <EntryName> "<MatchCondition>;<MatchCondition>;" "<Action>; <ActionModifier>;"

 But when I use source-address twice it doesnt like it. Is there some other formatting?

Thanks

0 Kudos
2 REPLIES 2

Gabriel_G
Extreme Employee

‎10-17-2023 08:33 AM

The most common way of creating an SSH access-profile is here using static ACLs:
https://extreme-networks.my.site.com/ExtrArticleDetail?an=000090702

Otherwise, using dynamic ACLs is fine with the commands you listed. However, you cannot combine multiple ranges into a single dynamic ACL entry (only certain static ACLs), so you have to use multiple entries as you've identified.

 

0 Kudos

djs86
New Contributor
In response to Gabriel_G

‎10-17-2023 09:05 AM

Thanks, is there a way of creating static ACL's using ExtremecloudIQ? I can't seem to find it. 

That's why I was using dynamic ACL's as I could then push out via a template and the supplemental CLi

0 Kudos
GTM-P2G8KFN