This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (VSP/Fabric Engine)
- Re: Filter ACL's on VOSS, how far reaching are the...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Filter ACL's on VOSS, how far reaching are they?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-17-2023 07:52 AM
I have two VOSS cores (routers, vISTed), some other VOSS switches (Top of rack, etc), no EXOS, and number of ERS. I know that ERS can't handle ACL's.
My question is. To have effective ACL's (throughout the network), do I need to put them on each VOSS switch that we have? Or is there a way they can be defined on one VOSS switch (probably one of the routers), and they are effective throughout the network?
Thanks.
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-18-2023 02:37 PM
First thing. You have been misinformed. ERS stackables 100% support ACLs. If you download the ERS4900/5900 Document collections you will find all the ACL information in the QoS guides.
To answer your question. ACL's only have significance on the switch they are applied to. If there was a MAC, VLAN, IP or PORT you wanted to block throughout your network you need to apply that ACL on every switch. There is no way for a switch to propogate its ACLs to other switches on its own.
With that said, if your VSP cores are the routers, applying the ACLs there would at minimum block the traffic there. As all traffic needs to come back to the core any L3 policy will be enforced there.
If you wanted dynamic ACLs you to be applied on your all switches you need to look at a dynamic Radius ACLs that would be applied to a NAC policy. This feature was just added to VOSS a few years ago. In this case XIQ-SE CONTROL would be your NAC engine.
VOSS does this. But EXOS does it better.
With many of the clients I am working with that were all AVAYA, today they are looking at replacing all their ERS switches with EXOS because of the ACLs and Policy are more powerful and easier to work with in CONTROL.
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-20-2023 10:27 AM
Thanks Paul. That explains and clarifies a number of things.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-18-2023 02:37 PM
First thing. You have been misinformed. ERS stackables 100% support ACLs. If you download the ERS4900/5900 Document collections you will find all the ACL information in the QoS guides.
To answer your question. ACL's only have significance on the switch they are applied to. If there was a MAC, VLAN, IP or PORT you wanted to block throughout your network you need to apply that ACL on every switch. There is no way for a switch to propogate its ACLs to other switches on its own.
With that said, if your VSP cores are the routers, applying the ACLs there would at minimum block the traffic there. As all traffic needs to come back to the core any L3 policy will be enforced there.
If you wanted dynamic ACLs you to be applied on your all switches you need to look at a dynamic Radius ACLs that would be applied to a NAC policy. This feature was just added to VOSS a few years ago. In this case XIQ-SE CONTROL would be your NAC engine.
VOSS does this. But EXOS does it better.
With many of the clients I am working with that were all AVAYA, today they are looking at replacing all their ERS switches with EXOS because of the ACLs and Policy are more powerful and easier to work with in CONTROL.
