This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- error on egress (dynamic) acl
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
error on egress (dynamic) acl
error on egress (dynamic) acl
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā01-07-2014 10:05 PM
Create Date: Sep 27 2013 9:57AM
I want to block traffic from vlan1 to vlan2
setup acl:
create access-list deny-v1-v2 "source-address 10.99.36.0/24;destination-address 10.99.35.0/24" "deny"
config access-list add deny-v1-v2 first any egress
applying responses in following error:
Error: ACL install operation failed - port 5:8, rule "deny-v1-v2", feature unavailable.
What does this means? And how do I solve this issue?
Also tried ingress, but this will block traffic to both directions...
please advice.
(from LNU)
I want to block traffic from vlan1 to vlan2
setup acl:
create access-list deny-v1-v2 "source-address 10.99.36.0/24;destination-address 10.99.35.0/24" "deny"
config access-list add deny-v1-v2 first any egress
applying responses in following error:
Error: ACL install operation failed - port 5:8, rule "deny-v1-v2", feature unavailable.
What does this means? And how do I solve this issue?
Also tried ingress, but this will block traffic to both directions...
please advice.
(from LNU)
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā01-07-2014 10:05 PM
Create Date: Oct 7 2013 11:31AM
Have you check the policy ?
example:
D-Lab.5 # check policy MS-VLAN-BRIDGE
Policy file check successful.
BD-Lab.6 #
(from Pascal_Lurquin)
Have you check the policy ?
example:
D-Lab.5 # check policy MS-VLAN-BRIDGE
Policy file check successful.
BD-Lab.6 #
(from Pascal_Lurquin)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā01-07-2014 10:05 PM
Create Date: Oct 1 2013 2:11PM
nobody? (from LNU)
nobody? (from LNU)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā01-07-2014 10:05 PM
Create Date: Sep 27 2013 3:14PM
Hi Prusso,
thanks for your reply
It a BB8810 - xos version 12.3.3.6
I decided to work with static policies. I found out that this give me more overview.
Below is the test acl policy (applied on any / ingress) - but still can't get this working right;
The rules from vlan2 to vlan 1 are working fine (got ping reply, rdp, telnet and all other traffic is blocked).
But in the policy I created an entry to allow all traffic from vlan1 to vlan2, but all traffic is blocked..
vlan1 (10.99.35.0/24)
vlan 2 (10.99.36.0/24)
Policy:
entry permit-prd-inf-ping {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol icmp;
icmp-type echo-request;
} then {
count permit-prd-inf-ping;
permit;
}}
entry permit-prd-inf-telnet {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol tcp;
destination-port 23;
} then {
count permit-prd-inf-telnet;
permit;
}}
entry permit-prd-inf-rdp {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol tcp;
destination-port 3389;
} then {
count permit-prd-inf-rdp;
permit;
}}
entry deny-prd-inf-other {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
} then {
count deny-prd-inf-other;
deny;
}}
entry permit-all-other {
if match all {
source-address 10.99.35.0/24;
destination-address 10.99.36.0/24;
} then {
count permit-all-other;
permit;
}}
(from LNU)
Hi Prusso,
thanks for your reply
It a BB8810 - xos version 12.3.3.6
I decided to work with static policies. I found out that this give me more overview.
Below is the test acl policy (applied on any / ingress) - but still can't get this working right;
The rules from vlan2 to vlan 1 are working fine (got ping reply, rdp, telnet and all other traffic is blocked).
But in the policy I created an entry to allow all traffic from vlan1 to vlan2, but all traffic is blocked..
vlan1 (10.99.35.0/24)
vlan 2 (10.99.36.0/24)
Policy:
entry permit-prd-inf-ping {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol icmp;
icmp-type echo-request;
} then {
count permit-prd-inf-ping;
permit;
}}
entry permit-prd-inf-telnet {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol tcp;
destination-port 23;
} then {
count permit-prd-inf-telnet;
permit;
}}
entry permit-prd-inf-rdp {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
protocol tcp;
destination-port 3389;
} then {
count permit-prd-inf-rdp;
permit;
}}
entry deny-prd-inf-other {
if match all {
source-address 10.99.36.0/24;
destination-address 10.99.35.0/24;
} then {
count deny-prd-inf-other;
deny;
}}
entry permit-all-other {
if match all {
source-address 10.99.35.0/24;
destination-address 10.99.36.0/24;
} then {
count permit-all-other;
permit;
}}
(from LNU)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
ā01-07-2014 10:05 PM
Create Date: Sep 27 2013 12:09PM
Good Morning LNU
Can you give me information about the switch you are doing this on also what version of code?
Thanks
P (from Paul_Russo)
Good Morning LNU
Can you give me information about the switch you are doing this on also what version of code?
Thanks
P (from Paul_Russo)
