VMAN + ACL

Alexandr_P
Valued Contributor
Hello!

I have this scheme:
Cisco (vman tag) -> (port 24, vman tagged) Extreme X440 (port 23, vman untagged) -> CheckPoint
BUT the CheckPoint works in passive mode (it only receives traffic), and I can't see the MAC of the CheckPoint either, so traffic doesn't go to port 23 (the X440 doesn't know whom to send it to).

Maybe an ACL with an action? But to which VLAN/port do I have to map this ACL?

Thank you!

Jarek
New Contributor II
Did you try `disable learning vman VmanName`?

--
Jarek

Jarek
New Contributor II
Hi, sorry for the delay. Yes, it should send all traffic from the vman to port 23. I have tested it with a VLAN and it works. I think with a vman it will be the same behavior. -- Jarek

Alexandr_P
Valued Contributor
Do you think that in this case all traffic will be forwarded directly to port 23?

Alexandr_P
Valued Contributor
In this case only traffic whose destination MAC is the CheckPoint's will be forwarded to this port, but I need all traffic to be forwarded there.

For now I see 2 variants:
1 - do a mirror, like:
#create mirror test3001

#configure mirror test3001 add vlan Int3001

#enable mirror test3001 to port 21

2 - do an ACL with the match condition vlan-id (present in EXOS 15.7) and one of these actions:

redirect-name name—Specifies the name of the flow-redirect that must be used to redirect matching traffic.

redirect-port port—Overrides the forwarding decision and changes the egress port used.

mirror—Rules that contain mirror as an action modifier will use a separate slice.

What are your thoughts on these points?

Thank you!
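The ACL variant above (option 2), written out as an added example; this is not configuration from the original post and has not been tested on the poster's X440. It assumes the vman uses outer tag 3001 (the "Int3001" name in the post suggests that, but the tag value is an assumption), that the Cisco-facing ingress port is 24, that the CheckPoint sits on port 23, and that the policy file is called `vman3001_to_cp.pol`. The point of `redirect-port` is that it overrides the L2 forwarding decision, so it does not matter that the switch never learns the CheckPoint's MAC: every frame carrying the outer tag is pushed out port 23, and because port 23 is vman-untagged the outer tag is stripped on egress.

```text
# /config/vman3001_to_cp.pol  (assumed file name)
# Match on the outer (vman) tag and force the egress port, regardless of what
# the FDB knows about the destination MAC.
entry vman3001_redirect {
    if match all {
        vlan-id 3001;          # assumed outer tag of the vman
    } then {
        redirect-port 23;      # CheckPoint-facing port, vman untagged
        count vman3001_redirect_cnt;
    }
}

# EXOS CLI: validate the policy, bind it on ingress of the Cisco-facing port,
# then confirm the counter increments while the Cisco is sending.
check policy vman3001_to_cp
configure access-list vman3001_to_cp ports 24 ingress
show access-list counter vman3001_redirect_cnt ports 24 ingress
```

Binding the ACL to port 24 ingress rather than to the vman keeps it to the one direction that matters here (Cisco -> CheckPoint); the `vlan-id` match also protects any other tags carried on port 24. Check the counter after applying it: if it stays at zero, the frames are not being classified with that tag and the match condition, not the redirect, is what needs attention.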
