This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

how can I create a access-list on egress to allow only a few vlans inside a vman ? drop all doesnt work too

how can I create a access-list on egress to allow only a few vlans inside a vman ? drop all doesnt work too

Immo_Wetzel
New Contributor

‎03-12-2018 05:02 PM

HI,
my target is to allow only a few vlans from a vman to exit a specific port.

example port 1, 2 and 3 at untagged in vman 2000.
all traffic from 1 should be forwarded to 2 and vice versa. only vlan 100 and 102 should be forwarded to port 3.. I do not know the vlans inserted into port 1 and 2 except 100 and 102 therefore the vman untagged idea.

to start I tried a deny all rule on port 3
docu say egress rule:
denyAll.pol
entry DenyAllEgress{
if {
source-address 0.0.0.0/0;
} then {
deny;
}
}but after
configure access-list denyAll ports 3 egress
still all traffic is visible at port 3 and also on the next switch...

Whats the fault and whats the solution ?
0 Kudos
2 REPLIES 2

BrandonC
Extreme Employee

‎03-12-2018 06:10 PM

Hi Immo,

It sounds like what you want to do is configure port 3 as a customer edge port, allowing inner tags 100 and 102 only.

For example,
configure vman add port 3 cep cvid 100 configure vman add port 3 cep cvid 102You can see more info on this at the link below:
https://documentation.extremenetworks.com/exos_commands_22.4/EXOS_21_1/EXOS_Commands_All/r_configure...
0 Kudos

Immo_Wetzel
New Contributor
In response to BrandonC

‎03-12-2018 06:10 PM

ok but how about untagged and vlan 0 traffic ?
0 Kudos
GTM-P2G8KFN