how can I create a access-list on egress to allow only a few vlans inside a vman ? drop all doesnt work too

Immo_Wetzel
New Contributor
Hi,
my target is to allow only a few VLANs from a vman to exit a specific port.

Example: ports 1, 2 and 3 are untagged in vman 2000.
All traffic from port 1 should be forwarded to port 2 and vice versa. Only VLANs 100 and 102 should be forwarded to port 3. I do not know which VLANs enter ports 1 and 2 apart from 100 and 102, hence the untagged vman idea.

To start, I tried a deny-all rule on port 3.
The docs say for an egress rule:

denyAll.pol
    entry DenyAllEgress {
        if {
            source-address 0.0.0.0/0;
        } then {
            deny;
        }
    }

but after

    configure access-list denyAll ports 3 egress

still all traffic is visible at port 3 and also on the next switch...

What's the fault and what's the solution?

BrandonC
Extreme Employee
Hi Immo,

It sounds like what you want to do is configure port 3 as a customer edge port, allowing inner tags 100 and 102 only.

For example,

    configure vman add port 3 cep cvid 100
    configure vman add port 3 cep cvid 102

You can see more info on this at the link below:
https://documentation.extremenetworks.com/exos_commands_22.4/EXOS_21_1/EXOS_Commands_All/r_configure...
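Putting the reply into a complete configuration for the topology in the question. This is an added example, not from the original post or from Extreme's documentation; the vman name "vman2000" is an assumption (the question only gives the tag 2000), and the port and CVID values are the ones from the question.

```exos
# Constructed example for the question's topology (vman name is assumed).
# Create the vman; tag 2000 is the outer (S-tag) value from the question.
create vman vman2000 tag 2000

# Ports 1 and 2 are untagged vman members: every customer frame, whatever
# its inner VLAN, is wrapped in the outer tag and forwarded between them.
configure vman vman2000 add ports 1,2 untagged

# Port 3 is a customer edge port (CEP) instead of an untagged member.
# Only frames whose inner tag is 100 or 102 are vman members on this port,
# so other inner VLANs never become eligible for forwarding out of port 3.
configure vman vman2000 add ports 3 cep cvid 100
configure vman vman2000 add ports 3 cep cvid 102

# Verify the membership: port 3 should list the CEP CVIDs, ports 1 and 2
# should show as untagged members.
show vman vman2000
```

The point of the CEP approach is that the filter is expressed as vman membership rather than as an ACL: port 3 simply is not a member for any inner VLAN other than 100 and 102, so there is nothing for an egress rule to catch. How untagged and priority-tagged (VLAN 0) customer frames are treated on a CEP port is not something this example asserts; check the CEP section of the linked command reference and confirm on the switch with the show output above.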

OK, but how about untagged and VLAN 0 traffic?