Basic ACL: Switch says ACL doesn't exist when I created it, please help.
‎05-19-2015 02:51 PM
Hi Everyone,
I'm trying to create and apply an ACL to a VLAN on my switch, but when I run the commands it says it doesn't exist.
1. I created the policy by entering: vi PBR_DEFAULTROUTE.pol
I entered a simple entry and typed :wq! to save it successfully.
2. I typed in ls and it is listed under my files.
-rw-rw-rw- 1 root 0 932 May 19 12:39 PBR_DEFAULTROUTE.pol
3. Saved config on switch
4. I entered check policy PBR_DEFAULTROUTE.pol
# check policy PBR_DEFAULTROUTE.pol
Error: Policy PBR_DEFAULTROUTE.pol does not exist on file
5. Attempt to apply to VLAN
# configure access-list PBR_DEFAULTROUTE.pol vlan "Test_ACL" ingress
Error: ACL policy PBR_DEFAULTROUTE.pol not found
Configuration failed on backup Node, command execution aborted!
Below is my original post on what I'm trying to accomplish, but for this one I'm trying to enable this VLAN.
https://community.extremenetworks.com/extreme/topics/i-need-one-device-to-have-a-specific-ip-default...
13 REPLIES
‎06-03-2015 04:08 PM
I helped assist Arison with this through a GTAC case. The reason he cannot set the firewall as the default gateway on the switch is that this is a remote hosting situation.
The end user is accessing servers on Arison's network, so he wanted all traffic related to the end user subnet to be redirected to the end user firewall.
The redirect ACL was always working, but it turns out the end user had a setting on their firewall that would deny traffic to the internet from any device without anti-virus. After this setting was disabled, the test was successful.
‎05-19-2015 03:08 PM
Try using this command: edit policy PBR_DEFAULTROUTE. Even if the policy does not already exist, it will create it for you... and like Josh said, you don't need to use the file extension when applying or modifying; it is implied. You only need to use the file extension when manipulating it within the file structure, i.e. copying to a tftp destination.
‎05-19-2015 03:08 PM
Yep, looks like my PBRs are all to different VLANs. I re-read your problem and I am wondering why the firewall is not the def gw? You may have explained it, I just missed it.
‎05-19-2015 03:08 PM
Policy could be modified as below:
entry PBR {
    if match all {
        source-address 192.168.2.0/24;
        destination-address 0.0.0.0/0;
    }
    then {
        redirect-port ;
    }
}

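Two things trip people up in this thread: the CLI takes the policy name without the .pol suffix, and a policy whose action has no argument (as in the redirect-port line above) does nothing useful. As an added example, not code from the thread or from Extreme's own tooling, here is a small Python checker for both points. It assumes only the entry / if match / then grammar shown in this thread and a minimal, assumed subset of actions that require an argument.

```python
import re

# Constructed sample modelled on the policy posted in the thread; the
# redirect-port action is left without an argument, exactly as posted.
SAMPLE_POLICY = """entry PBR {
    if match all {
        source-address 192.168.2.0/24;
        destination-address 0.0.0.0/0;
    }
    then {
        redirect-port ;
    }
}
"""
# One policy entry: entry NAME { if match all|any { ... } then { ... } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>\S+)\s*\{\s*if\s+match\s+(?P<mode>all|any)\s*\{"
    r"(?P<match>.*?)\}\s*then\s*\{(?P<then>.*?)\}\s*\}",
    re.DOTALL,
)
# Assumption: a minimal subset of EXOS actions that require an argument.
ACTIONS_NEEDING_ARG = {"redirect", "redirect-port", "redirect-name"}

def _statements(block):
    """Split a block body into (keyword, argument) pairs, one per ';'."""
    out = []
    for stmt in block.split(";"):
        parts = stmt.split()
        if parts:
            out.append((parts[0], " ".join(parts[1:])))
    return out

def cli_policy_name(filename):
    """check policy / configure access-list take the name without .pol."""
    return filename[:-4] if filename.endswith(".pol") else filename

def lint_policy(text):
    """Return a list of problems found in an EXOS-style policy file body."""
    problems = []
    entries = list(ENTRY_RE.finditer(text))
    if not entries:
        problems.append("no well-formed entry { if match { } then { } } block found")
    for m in entries:
        name = m.group("name")
        if not _statements(m.group("match")):
            problems.append(f"entry {name}: match block has no conditions")
        actions = _statements(m.group("then"))
        if not actions:
            problems.append(f"entry {name}: then block has no action")
        for kw, arg in actions:
            if kw in ACTIONS_NEEDING_ARG and not arg:
                problems.append(f"entry {name}: '{kw}' is missing its argument")
    return problems
```

Run lint_policy on the file body before uploading it, and pass cli_policy_name("PBR_DEFAULTROUTE.pol") to the switch commands.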