Layer-2 Protocol Tunneling ACL on X670V
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-12-2015 01:00 PM
ExOS is summitX-15.3.1.4-patch1-31
Examples are from ACL Solutions Guide
What is wrong with this ACLs ?
* sw2.g50.kv.38 # edit policy l2pt-cdp-inentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c??cc:cc ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c?cd:d0 ;
count cdp_ingress ;
}
}
* sw2.g50.kv.39 # edit policy l2pt-cdp-outentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c?cd:d0 ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c??cc:cc ;
count cdp_egress ;
}
}
* sw2.g50.kv.40 # conf access-list l2pt-cdp-in ports 5 ingress
Error: ACL install operation failed - vlan *, port 5, rule "cdp_pdu" Invalid parameter (user-defined field (UDF))
* sw2.g50.kv.41 # conf access-list l2pt-cdp-out ports 5 egress
Error: ACL install operation failed - conditions specified in rule "cdp_pdu" cannot be satisfied by hardware on vlan *, port 5
* sw2.g50.kv.42 #
Examples are from ACL Solutions Guide
What is wrong with this ACLs ?
* sw2.g50.kv.38 # edit policy l2pt-cdp-inentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c??cc:cc ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c?cd:d0 ;
count cdp_ingress ;
}
}
* sw2.g50.kv.39 # edit policy l2pt-cdp-outentry cdp_pdu {
if {
ethernet-destination-address 01:00:0c?cd:d0 ;
snap-type 0x2000 ;
} then {
replace-ethernet-destination-address 01:00:0c??cc:cc ;
count cdp_egress ;
}
}
* sw2.g50.kv.40 # conf access-list l2pt-cdp-in ports 5 ingress
Error: ACL install operation failed - vlan *, port 5, rule "cdp_pdu" Invalid parameter (user-defined field (UDF))
* sw2.g50.kv.41 # conf access-list l2pt-cdp-out ports 5 egress
Error: ACL install operation failed - conditions specified in rule "cdp_pdu" cannot be satisfied by hardware on vlan *, port 5
* sw2.g50.kv.42 #
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-17-2015 08:58 AM
So, Is there a chance to transport a PDUs on ExOS 15.3 at x670v switch ?
Upgrade is not suitable.
Upgrade is not suitable.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-13-2015 11:59 AM
Hi Pavel,
At this point it may be time to contact GTAC. The problem appears to be with the action "replace-ethernet-destination-address" as the ACL does not cause an error when this action is removed.
Another option to consider is an EXOS upgrade to the recommended version for the X670 to use Layer 2 Protocol Tunneling.
Read about L2PT (Starting on page 2333)
http://extrcdn.extremenetworks.com/wp-content/uploads/2015/01/ExtremeXOS_15_5_User-Guide.pdf
At this point it may be time to contact GTAC. The problem appears to be with the action "replace-ethernet-destination-address" as the ACL does not cause an error when this action is removed.
Another option to consider is an EXOS upgrade to the recommended version for the X670 to use Layer 2 Protocol Tunneling.
Read about L2PT (Starting on page 2333)
http://extrcdn.extremenetworks.com/wp-content/uploads/2015/01/ExtremeXOS_15_5_User-Guide.pdf
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-13-2015 01:39 AM
System Type: X670V-48x
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎08-12-2015 09:37 PM
Hi Pavel,
What model of switch is this?
-Brandon
What model of switch is this?
-Brandon
