This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Basic ACL: Switch says ACL doesn't exist when I created it, please help.

Basic ACL: Switch says ACL doesn't exist when I created it, please help.

Arison_Mercado
New Contributor II

ā€Ž05-19-2015 02:51 PM

Hi Everyone,

I'm trying to create and apply a ACL to a vlan on my switch but when I run the commands it says it doesn't exist.

1. I created the policy by entering: vi PBR_DEFAULTROUTE.pol
I enter a simple a entry and entered :wq! to save. successfully.

2. I typed in ls and it is listed under my files.

-rw-rw-rw- 1 root 0 932 May 19 12:39 PBR_DEFAULTROUTE.pol

3. Saved config on switch

4. I entered check policy PBR_DEFAULTROUTE.pol

# check policy PBR_DEFAULTROUTE.pol
Error: Policy PBR_DEFAULTROUTE.pol does not exist on file

5. Attempt to apply to VLAN

# configure access-list PBR_DEFAULTROUTE.pol vlan "Test_ACL" ingress

.Error: ACL policy PBR_DEFAULTROUTE.pol not found
Configuration failed on backup Node, command execution aborted!

Below is my original post on what I'm trying to accomplish but for this one I'm trying to enable this VLAN.

https://community.extremenetworks.com/extreme/topics/i-need-one-device-to-have-a-specific-ip-default...
0 Kudos
13 REPLIES 13

Prashanth_KG
Extreme Employee
In response to Jeremy_Thornton

ā€Ž05-19-2015 03:08 PM

Hi Arison,

Re-direct using an IP within a VLAN may not be possible. You could consider redirect-port .

0 Kudos

Jeremy_Thornton
New Contributor II
In response to Jeremy_Thornton

ā€Ž05-19-2015 03:08 PM

Let me take a look at one of my pbr's and compare. This is being applied inbound on the VLAN for 192.168.2.0/27, right?
0 Kudos

Arison_Mercado
New Contributor II
In response to Jeremy_Thornton

ā€Ž05-19-2015 03:08 PM

Jeremy,

thanks for your help, I've applied the ACL as you described and I'm able to ping their network address's as well as there Firewall. I just can't get the redirect to point to their default gateway. Is there anything that I could be missing?
0 Kudos

Jeremy_Thornton
New Contributor II
In response to Jeremy_Thornton

ā€Ž05-19-2015 03:08 PM

Ok, good deal. You don't have to add the CIDR when specifying the redict destination.. so you can remove the /32 from 192.168.2.100.
0 Kudos

Arison_Mercado
New Contributor II
In response to Jeremy_Thornton

ā€Ž05-19-2015 03:08 PM

Ok, so the problem was I was adding the .pol when applying the file to the VLAN. Now my new error message is this "Error: Policy PBR_DEFAULT has syntax errors
Line 15 : Too many arguments from "/"

All I want to do is route traffic from a private vlan to another firewall and not allow anyone on my network access it. We're just going to host someones equipment on our site. Also please note we have a dedicated VLAN for the customer and again I dont want anyone pinging to it as well as have them redirect to their firewall and not out default route. Sorry I come from a cisco background and scripting is not my forte

##### Redirect default route entry

entry PBR {if match all {
source-address 192.168.2.0/24;
destination-address 0.0.0.0/0;
}

then {
redirect 192.168.2.100/32;
}
}

###### Deny internal Network to customer VLAN

entry rule1 {If match all {
source-address 172.16.0.0/16;
destination-address 192.168.2.0/24;
}
then {
deny ;
count RULE1-COUNT ;
}
}

0 Kudos
GTM-P2G8KFN