This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

How do I configure an access list to allow only one IP through ingress port?

How do I configure an access list to allow only one IP through ingress port?

Anonymous
Not applicable

ā€Ž08-04-2015 10:32 AM

entry iprule1 {if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
else {
deny ;
}
}

I am getting error:

Error: ACL install operation failed - conflicting actions

And where is "Extreme Networks Policy Manager" cant find it on extremenewtworks.com.

0 Kudos
12 REPLIES 12

Prashanth_KG
Extreme Employee

ā€Ž08-04-2015 10:33 PM

Hi Ashish,

I agree with the discussion above. We need to add separate entries to permit or deny the rest of the traffic. The rule1 above only matches the source IP address. So, the ARP packets could be dropped. If this is the only IP address that you would like to allow, the following ACL could be considered.

entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
}

entry iprule2 {
if {
arp-sender-address 10.1.2.246/32;
}
then {
permit;
}
}

entry iprule3 {
if {
}
then {
deny;
}
}

If you want to allow ARP packets in general, the rule2 could be modified as below:

entry iprule2 {
if {
ethernet-type 0x0806;
}
then {
permit;
}
}

Hope this helps!
0 Kudos

Anonymous
Not applicable
In response to Prashanth_KG

ā€Ž08-04-2015 10:33 PM

This solution works perfectly!!!!!

Thankyou Mr.Prashant and everyone for your guidance šŸ™‚

0 Kudos

Patrick_Voss
Extreme Employee

ā€Ž08-04-2015 01:21 PM

Hi Ashish,

What AlexandrP said is corrrect except there should be another entry in there above the second if. Like so:

entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
}

entry iprule2 {
if {
}
then {
deny;
}
}

Just incase this helps here is a article written for ACL's

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-create-and-apply-an-ACL-in-EXOS

You can place multiple entries in one policy but it will only trigger on one of them. This means that the order is important because it goes from top to bottom.
0 Kudos

Alexandr_P
Valued Contributor

ā€Ž08-04-2015 10:35 AM

Hi, Ashish!

I think better will be:
entry iprule1 {
if {
source-address 10.1.2.246/32 ;
}
then {
permit ;
}
if {
}
then {
deny ;
}
}

Thank you!
0 Kudos
GTM-P2G8KFN