This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- RE: What is the line length limit on policy file r...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
What is the line length limit on policy file redirect-port-list command?
What is the line length limit on policy file redirect-port-list command?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-23-2017 05:16 PM
Is there a line length limit in ACL policy files, if so what is it?
Is there a line continuation command to allow for longer command lengths?
Is this error trying to tell me something else?
I am getting the following error when I attempt to configure my ingress acces-list:
* Slot-1 Stack.3 # configure access-list x450_fsr_afdx_a vlan afdx_a ingressError: Policy x450_fsr_afdx_a has syntax errors
Line 594 : 1:43,1:25,1:33,1:13,1:41,1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21,1:31 is too long.
The policy defined at line 594 is: (redirect-port-list command is all on one line, 120 characters long).
entry VL-1180 {
if match all { ethernet-destination-address 03:00:00:00:04:9C; } then { permit; redirect-port-list 1:43,1:25,1:33,1:13,1:41,1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21,1:31; } } All of the ports listed are in the vlan:
configure vlan afdx_a add ports 1:1,1:3,1:5,1:7,1:9,1:11,1:13,1:15,1:17,1:19,1:21,1:23,1:25,1:27,1:29,1:31,1:33,1:35,1:37,1:39,1:41,1:43,1:45 untagged
Switch version: Summit-X450-G2-48t-10GE4
* Slot-1 Stack.1 # show version
Slot-1 : 800600-00-03 1531N-42369 Rev 3.0 BootROM: 1.0.2.1 IMG: 21.1.1.4
Slot-2 :
Slot-3 :
Slot-4 :
Slot-5 :
Slot-6 :
Slot-7 :
Slot-8 :
Image : ExtremeXOS version 21.1.1.4 by release-manager
on Mon Mar 7 16:12:04 EST 2016
BootROM : 1.0.2.1
Diagnostics : 5.3
Is there a line continuation command to allow for longer command lengths?
Is this error trying to tell me something else?
I am getting the following error when I attempt to configure my ingress acces-list:
* Slot-1 Stack.3 # configure access-list x450_fsr_afdx_a vlan afdx_a ingressError: Policy x450_fsr_afdx_a has syntax errors
Line 594 : 1:43,1:25,1:33,1:13,1:41,1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21,1:31 is too long.
The policy defined at line 594 is: (redirect-port-list command is all on one line, 120 characters long).
entry VL-1180 {
if match all { ethernet-destination-address 03:00:00:00:04:9C; } then { permit; redirect-port-list 1:43,1:25,1:33,1:13,1:41,1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21,1:31; } } All of the ports listed are in the vlan:
configure vlan afdx_a add ports 1:1,1:3,1:5,1:7,1:9,1:11,1:13,1:15,1:17,1:19,1:21,1:23,1:25,1:27,1:29,1:31,1:33,1:35,1:37,1:39,1:41,1:43,1:45 untagged
Switch version: Summit-X450-G2-48t-10GE4
* Slot-1 Stack.1 # show version
Slot-1 : 800600-00-03 1531N-42369 Rev 3.0 BootROM: 1.0.2.1 IMG: 21.1.1.4
Slot-2 :
Slot-3 :
Slot-4 :
Slot-5 :
Slot-6 :
Slot-7 :
Slot-8 :
Image : ExtremeXOS version 21.1.1.4 by release-manager
on Mon Mar 7 16:12:04 EST 2016
BootROM : 1.0.2.1
Diagnostics : 5.3
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-25-2017 02:52 AM
HI David,
For the follow-up question, if we specify the ports 3-5, the port 4 will not be ignored. Because the redirect-port-list does not take VLAN into consideration.
If the port 4 is not active or not used, then we can use the above suggestion.
Regarding the limits in the characters as reported, I will work with the Engineering and see if this limit can be increased. Will keep this thread updated.
Thanks
For the follow-up question, if we specify the ports 3-5, the port 4 will not be ignored. Because the redirect-port-list does not take VLAN into consideration.
If the port 4 is not active or not used, then we can use the above suggestion.
Regarding the limits in the characters as reported, I will work with the Engineering and see if this limit can be increased. Will keep this thread updated.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-24-2017 01:07 PM
A follow up question, if my vlan is all the odd ports, and I use a redirect-port-list as suggested (i.e. 1:3-5) will port 4 be ignored since it is not included in the vlan?
Also, I did find this statement (I guess erroneous?) in the EXOS_User_Guide_21_1.pdf:
"redirect-port-list port_list—Supports multiple redirect ports as arguments. When used inan ACL, matching packets are now redirected to multiple ports as specified in the ACL while
overriding the default forwarding decision. Maximum number of ports that can be mentioned in this
list is 64. (Summit X450-G2, X460-G2, X670-G2, X770, X440-G2, and X620)."
Thanks, I will give this a try.
Also, I did find this statement (I guess erroneous?) in the EXOS_User_Guide_21_1.pdf:
"redirect-port-list port_list—Supports multiple redirect ports as arguments. When used inan ACL, matching packets are now redirected to multiple ports as specified in the ACL while
overriding the default forwarding decision. Maximum number of ports that can be mentioned in this
list is 64. (Summit X450-G2, X460-G2, X670-G2, X770, X440-G2, and X620)."
Thanks, I will give this a try.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-24-2017 06:47 AM
Hi David,
It looks like the redirect-port-list is actually allowing only 64 characters including ;. That is why, we are not able to apply the policy after certain length. We will work internally and see if we increase this length.
1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21 - This does not work.
1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21 - This works.
It is not a limit with the number of ports but the characters used after the action modifier redirect-port-list.
redirect-port-list 1:1-48;
will certainly work. So, we may need to reduce the number of characters by grouping different ports in a range.
For example, if port 1:4 is not active and not used, instead of writing, 1:3,1:5
we can write 1:3-5 which will reduce the number of characters used.
Hope this helps!
It looks like the redirect-port-list is actually allowing only 64 characters including ;. That is why, we are not able to apply the policy after certain length. We will work internally and see if we increase this length.
1:23,1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21 - This does not work.
1:9,1:11,1:1,1:3,1:19,1:15,1:17,1:5,1:7,1:45,1:27,1:39,1:21 - This works.
It is not a limit with the number of ports but the characters used after the action modifier redirect-port-list.
redirect-port-list 1:1-48;
will certainly work. So, we may need to reduce the number of characters by grouping different ports in a range.
For example, if port 1:4 is not active and not used, instead of writing, 1:3,1:5
we can write 1:3-5 which will reduce the number of characters used.
Hope this helps!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-24-2017 06:23 AM
I am not aware of a maximum line length, but instead of adding every port manually you could use action redirect-vlan (without anything behind it). This will flood the packets to all ports in the vlan.
Your ACL would look like:
entry VL-1180 {
if match all {
ethernet-destination-address 03:00:00:00:04:9C;
} then {
redirect-vlan;
}
}
Your ACL would look like:
entry VL-1180 {
if match all {
ethernet-destination-address 03:00:00:00:04:9C;
} then {
redirect-vlan;
}
}
