How do I configure an access list to allow only one IP through ingress port?

Anonymous
‎08-04-2015 10:32 AM
entry iprule1 {
    if {
        source-address 10.1.2.246/32 ;
    }
    then {
        permit ;
    }
    else {
        deny ;
    }
}
I am getting error:
Error: ACL install operation failed - conflicting actions
And where is "Extreme Networks Policy Manager"? I can't find it on extremenetworks.com.
12 REPLIES
‎08-04-2015 10:33 PM
Hi Ashish,
I agree with the discussion above. We need to add separate entries to permit or deny the rest of the traffic. The rule1 above only matches the source IP address. So, the ARP packets could be dropped. If this is the only IP address that you would like to allow, the following ACL could be considered.
entry iprule1 {
    if {
        source-address 10.1.2.246/32 ;
    }
    then {
        permit ;
    }
}
entry iprule2 {
    if {
        arp-sender-address 10.1.2.246/32;
    }
    then {
        permit;
    }
}
entry iprule3 {
    if {
    }
    then {
        deny;
    }
}
If you want to allow ARP packets in general, the rule2 could be modified as below:
entry iprule2 {
    if {
        ethernet-type 0x0806;
    }
    then {
        permit;
    }
}
Hope this helps!

‎08-04-2015 10:33 PM
This solution works perfectly!!!!!
Thank you, Mr. Prashant, and everyone for your guidance 🙂
‎08-04-2015 01:21 PM
Hi Ashish,
What AlexandrP said is correct, except there should be another entry in there above the second if. Like so:
entry iprule1 {
    if {
        source-address 10.1.2.246/32 ;
    }
    then {
        permit ;
    }
}
entry iprule2 {
    if {
    }
    then {
        deny;
    }
}
Just in case this helps, here is an article written for ACLs:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS
You can place multiple entries in one policy but it will only trigger on one of them. This means that the order is important because it goes from top to bottom.
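The first-match behaviour and the ARP side effect discussed in these replies, as a small Python model added here for illustration (not part of any post and not Extreme Networks code). The frame dictionaries are constructed samples, and treating unmatched traffic as forwarded is a modelling assumption.

```python
import ipaddress

ARP, IPV4 = 0x0806, 0x0800  # EtherType values
HOST = "10.1.2.246/32"

# Each entry: (name, match conditions from the `if` block, action). {} matches everything.
TWO_ENTRY = [
    ("iprule1", {"source-address": HOST}, "permit"),
    ("iprule2", {}, "deny"),
]
THREE_ENTRY = [
    ("iprule1", {"source-address": HOST}, "permit"),
    ("iprule2", {"arp-sender-address": HOST}, "permit"),
    ("iprule3", {}, "deny"),
]

# Constructed sample frames, reduced to the fields the entries look at.
FRAMES = {
    "ip from 10.1.2.246": {"ethernet-type": IPV4, "source-address": "10.1.2.246"},
    "arp from 10.1.2.246": {"ethernet-type": ARP, "arp-sender-address": "10.1.2.246"},
    "ip from 10.1.2.50": {"ethernet-type": IPV4, "source-address": "10.1.2.50"},
    "arp from 10.1.2.50": {"ethernet-type": ARP, "arp-sender-address": "10.1.2.50"},
}

def matches(cond, frame):
    """True when every condition holds; a field the frame lacks never matches."""
    def ok(key, want):
        have = frame.get(key)
        if have is None or key == "ethernet-type":
            return have == want
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return all(ok(k, w) for k, w in cond.items())

def evaluate(policy, frame):
    """First matching entry wins, scanning top to bottom."""
    for name, cond, action in policy:
        if matches(cond, frame):
            return name, action
    return None, "permit"  # modelling assumption: unmatched traffic is forwarded

def verdicts(policy):
    """Map each sample frame label to (matching entry, action)."""
    return {label: evaluate(policy, frame) for label, frame in FRAMES.items()}

if __name__ == "__main__":
    for title, policy in (("two entries", TWO_ENTRY), ("three entries", THREE_ENTRY)):
        print(title, verdicts(policy))
```

With the two-entry policy, the ARP frame from 10.1.2.246 falls through to the deny-all entry; the three-entry policy permits it at iprule2.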
‎08-04-2015 10:35 AM
Hi, Ashish!
I think this would be better:
entry iprule1 {
    if {
        source-address 10.1.2.246/32 ;
    }
    then {
        permit ;
    }
    if {
    }
    then {
        deny ;
    }
}
Thank you!
