VMAN + ACL

Alexandr_P
Valued Contributor
Hello!

I have this scheme:
Cisco (vman tag) -> (port24 vman tag) Extreme X440 (port 23 vman untag) -> CheckPoint
BUT CheckPoint works in passive mode (it only receives traffic), and I can't see the MAC of CheckPoint, so traffic doesn't go to port 23 (X440 doesn't know where to send it).

Maybe an ACL with an action? But for which vlan/port do I have to map this ACL?

Thank you!

Hello, Nikolay!

I need to redirect the unpacked vlan (the vlan without the outer vman tag).

Thank you!

configure access-list redirect-all ports 24 ingress
Policy: redirect-all
entry one {
    if match all {
        vlan-id 77 ;   # vman outer tag
    }
    then {
        permit ;
        count all ;
        redirect-port 23 ;
    }
}
Number of clients bound to policy: 1

Do you want to redirect all traffic (all vlans) or a specific vlan?

If you want to redirect a specific vlan's traffic, then I believe you should use the "cvid" match condition to match the inner VLAN ID and then "redirect-port 21".

Regarding the mirroring, I'm not sure if there is any limitation when mirroring an inner VLAN. A lab might be good to confirm that.

Henrique
Extreme Employee
Hi Alexandr, what about creating a static FDB/ARP entry pointing to the CheckPoint?
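Putting the two suggestions above together as an added example (not posted by anyone in this thread): an EXOS policy that matches the outer vman tag plus one inner VLAN via "cvid" and redirects it to port 23, followed by the static FDB alternative. The policy name, the inner VLAN 100, the vman name vman77 and the CheckPoint MAC are assumed placeholders.

```text
# Policy file redirect-cvid.pol (assumed name), loaded on the X440.
# Matches frames that arrive on port 24 with outer vman tag 77 and
# inner (customer) VLAN 100, and forces them out port 23 regardless
# of whether the switch has learned the CheckPoint MAC on that port.
entry redirect-cvid100 {
    if match all {
        vlan-id 77 ;      # outer vman tag (S-VLAN), from the thread
        cvid 100 ;        # inner tag (C-VLAN); value assumed
    }
    then {
        permit ;
        count cvid100 ;   # counter to verify the entry is actually hit
        redirect-port 23 ;
    }
}

# EXOS CLI: validate the file, bind it to the ingress port, confirm binding.
check policy redirect-cvid
configure access-list redirect-cvid ports 24 ingress
show access-list

# Alternative (Henrique's suggestion): a static FDB entry so normal L2
# forwarding to port 23 works without the CheckPoint ever sending a frame.
# MAC and vman name are placeholders; replace with the real values.
create fdb 00:00:00:aa:bb:cc vlan vman77 ports 23
show fdb ports 23
```

The ACL path bypasses the FDB lookup for the matched traffic only; the static FDB entry instead fixes the unknown-destination flooding problem for every frame addressed to that MAC, so it is the narrower change if the CheckPoint MAC is known.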