Extreme Switch ACL
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-13-2017 07:59 AM
Hi Support,
I would like to ask about ACL configuration.
Assuming I have 3 Vlan created.
Vlan 10 , HR , 192.168.10.1/24
Vlan 20 , IT, 192.168.20.1/24
Vlan 30, GM, 192.168.30.1/24
I would like all 3 Vlan to be isolated from each other; not able to ping/communicate to each other.
This is the command i have created but not sure if it works anot.
below is the example of blocking HR to IT & GM.
vi HR.pol
press"i" to insert
entry IT{
if match all {
destination-address 192.168.20.1/255.255.255.0
destination-address 192.168.30.1/255.255.255.0
} then {
deny;
}
}
Please advise if this is the right way to configure.
Thanks
Regards
Jawn
I would like to ask about ACL configuration.
Assuming I have 3 Vlan created.
Vlan 10 , HR , 192.168.10.1/24
Vlan 20 , IT, 192.168.20.1/24
Vlan 30, GM, 192.168.30.1/24
I would like all 3 Vlan to be isolated from each other; not able to ping/communicate to each other.
This is the command i have created but not sure if it works anot.
below is the example of blocking HR to IT & GM.
vi HR.pol
press"i" to insert
entry IT{
if match all {
destination-address 192.168.20.1/255.255.255.0
destination-address 192.168.30.1/255.255.255.0
} then {
deny;
}
}
Please advise if this is the right way to configure.
Thanks
Regards
Jawn
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-13-2017 04:02 PM
Hi Erik,
Thanks for the advise.
If I want to block HR (.10) to IT & GM.
Does the below command work?
entry block_IT_and_GM {
if match any{
source-address 192.168.10.1/24; #this is HR
destination-address 192.168.20.1/24; # this is IT
destination-address 192.168.30.1/24; # this is GM
} then {
deny;
}
}
Thanks for the advise.
If I want to block HR (.10) to IT & GM.
Does the below command work?
entry block_IT_and_GM {
if match any{
source-address 192.168.10.1/24; #this is HR
destination-address 192.168.20.1/24; # this is IT
destination-address 192.168.30.1/24; # this is GM
} then {
deny;
}
}
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-13-2017 01:38 PM
Hi Jawn,
I edited this post so that it was public, and not private. This way, other community members can respond to you.
I edited this post so that it was public, and not private. This way, other community members can respond to you.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-13-2017 01:38 PM
Thank Drew !
Appreciated much.
Appreciated much.