Extreme Networks

Anonymous · ‎08-04-2015

Have some specific questions about EXOS ACL's I am hoping someone can help with:

Dynamic and Policy ACL's - do these have a Explicit Deny or Permit at the end of each. I know I can create either / or but not sure what the default process is and if its the same for each type?
If I create a Policy ACL with just an 'if' statement and NO match condition, i.e. 'match all', would it still match all elements in the statement like Source Address, Protocol and Port Number?
Whats the main difference and reasons for creating ACL's as a policy than Dynamic and visa versa, here's some that I can think of:

Policy ACL you can edit the rule, i.e. if you wanted to add a count to a rule as opposed to a Dynamic ACL you would have to remove the ACL and re-add it amended.
Dynamic ACL's help if you are used to writing them directly in the command line.
Dynamic ACL's you can re-use rules per individual rule.
Policy ACL's you can apply many rules at once with a single command.

Thanks in advance.

Bill_Stritzinge · ‎08-05-2015

Here is a link to the guide for anyone else following the thread: http://extrcdn.extremenetworks.com/wp-content/uploads/2014/10/ACL_Solutions_Guide.pdf

Peder_Bach · ‎01-23-2020

Seems that ACL based matching on XOS 15.6 doesn’t support matching of the inner dot1p/q tag. Is there a newer software that support it?

Anonymous · ‎08-04-2015

Many thanks for taking the time reply, now all understood.

Stephane_Grosj1 · ‎08-04-2015

Also, don't confuse ACL with Policies (Routing Policies). They share the same syntax pre-processor, but behave slightly differently, while Routing Policies do have a "match any" that is not available to ACL.

Extreme Networks

EXOS ACL, Explict, Match, Dynamic, Policy

EXOS ACL, Explict, Match, Dynamic, Policy