10-15-2020 07:12 AM
Hi Team,
I need to create an ACL in EXOS which will permit traffic if it matches source, destination & protocol, in addition to any port from a list of ports.
I created the policy like below but it is giving me an error.
entry 3 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.174/32;
protocol tcp;
}
if match any {
destination-port 8080;
destination-port 2121;
} then {
count test;
permit;
}
}
check policy Mundra.pol
Error: Policy Mundra has syntax errors
Line 25 : Did not get expected keyword "then","if" is not valid
Please help.
10-15-2020 08:10 AM
I think you’re missing the then statement for the entry 3:
entry 3 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.174/32;
destination-port 8080;
protocol tcp;
} then {
count test;
permit;
}}
entry 4 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.174/32;
destination-port 2121;
protocol tcp;
} then {
count test;
permit;
}}
Mig
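
Added example (not part of the thread, and not Extreme Networks code): a Python sketch that expands a port list into one entry per port, as the answer above does by hand, and pre-checks a policy file for the structure that triggered the error. The helper names `expand_ports` and `lint` are hypothetical, and the rule "exactly one if block, followed by then, per entry" is an assumption drawn from the error message and the accepted fix.

```python
import re

# Constructed sample: the entry from the question, with two "if" blocks.
BROKEN = """entry 3 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.174/32;
protocol tcp;
}
if match any {
destination-port 8080;
destination-port 2121;
} then {
count test;
permit;
}
}
"""

def expand_ports(first_entry, src, dst, proto, ports, counter):
    """Emit one permit entry per destination port, numbered from first_entry."""
    entries = []
    for offset, port in enumerate(ports):
        entries.append(
            f"entry {first_entry + offset} {{\n"
            "if match all {\n"
            f"source-address {src};\n"
            f"destination-address {dst};\n"
            f"destination-port {port};\n"
            f"protocol {proto};\n"
            "} then {\n"
            f"count {counter};\n"
            "permit;\n"
            "}\n}\n"
        )
    return "".join(entries)

def lint(policy_text):
    """Return names of entries lacking exactly one if-block followed by 'then' (assumed rule)."""
    bad = []
    # re.split with a capture group yields [prefix, name1, body1, name2, body2, ...]
    parts = re.split(r"^\s*entry\s+(\S+)\s*\{", policy_text, flags=re.M)
    for name, body in zip(parts[1::2], parts[2::2]):
        if_blocks = re.findall(r"\bif\b[^{]*\{[^}]*\}\s*(then\b)?", body)
        if len(if_blocks) != 1 or if_blocks[0] != "then":
            bad.append(name)
    return bad
```

Running `lint` over the policy text before `check policy` on the switch flags entry 3 from the question, while the output of `expand_ports(3, "0.0.0.0/0", "172.16.108.174/32", "tcp", [8080, 2121], "test")` passes.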
10-15-2020 11:17 AM
You’re welcome,
Please mark the topic as solved
Mig
10-15-2020 11:15 AM
Thanks for the help. It resolved my issue.
10-15-2020 08:02 AM
vi Mundra.pol
i
entry 1 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.10/32;
} then {
count test;
deny;
}
}
entry 2 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.141/32;
} then {
count test;
deny;
}
}
entry 3 {
if match all {
source-address 0.0.0.0/0;
destination-address 172.16.108.174/32;
protocol tcp;
}
if match any { ---------------------- error belongs to this line
destination-port 8080;
destination-port 2121;
} then {
count test;
permit;
}
}