Basic ACL: Switch says ACL doesn't exist when I created it, please help.

Arison_Mercado
New Contributor II
Hi Everyone,

I'm trying to create and apply an ACL to a VLAN on my switch, but when I run the commands it says the policy doesn't exist.

1. I created the policy by entering: vi PBR_DEFAULTROUTE.pol
I entered a simple entry and typed :wq! to save; it saved successfully.

2. I typed in ls and it is listed under my files.

-rw-rw-rw- 1 root 0 932 May 19 12:39 PBR_DEFAULTROUTE.pol

3. Saved config on switch

4. I entered check policy PBR_DEFAULTROUTE.pol

# check policy PBR_DEFAULTROUTE.pol
Error: Policy PBR_DEFAULTROUTE.pol does not exist on file

5. Attempt to apply to VLAN

# configure access-list PBR_DEFAULTROUTE.pol vlan "Test_ACL" ingress

Error: ACL policy PBR_DEFAULTROUTE.pol not found
Configuration failed on backup Node, command execution aborted!

Below is my original post on what I'm trying to accomplish but for this one I'm trying to enable this VLAN.

https://community.extremenetworks.com/extreme/topics/i-need-one-device-to-have-a-specific-ip-default...

Hi Arison,

Redirect using an IP within a VLAN may not be possible. You could consider redirect-port.

Let me take a look at one of my PBRs and compare. This is being applied inbound on the VLAN for 192.168.2.0/27, right?

Jeremy,

Thanks for your help. I've applied the ACL as you described and I'm able to ping their network addresses as well as their firewall. I just can't get the redirect to point to their default gateway. Is there anything that I could be missing?

Ok, good deal. You don't have to add the CIDR when specifying the redirect destination, so you can remove the /32 from 192.168.2.100.

Ok, so the problem was I was adding the .pol when applying the file to the VLAN. Now my new error message is this: "Error: Policy PBR_DEFAULT has syntax errors
Line 15 : Too many arguments from "/""

All I want to do is route traffic from a private VLAN to another firewall and not allow anyone on my network to access it. We're just going to host someone's equipment on our site. Also please note we have a dedicated VLAN for the customer, and again I don't want anyone pinging to it, as well as have them redirect to their firewall and not our default route. Sorry, I come from a Cisco background and scripting is not my forte.

##### Redirect default route entry

entry PBR {
    if match all {
        source-address 192.168.2.0/24;
        destination-address 0.0.0.0/0;
    }
    then {
        redirect 192.168.2.100/32;
    }
}

###### Deny internal Network to customer VLAN

entry rule1 {
    if match all {
        source-address 172.16.0.0/16;
        destination-address 192.168.2.0/24;
    }
    then {
        deny;
        count RULE1-COUNT;
    }
}

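The two mistakes worked out in this thread (the .pol suffix passed to check policy / configure access-list, and the /32 on the redirect address that the switch reports as "Too many arguments from '/'") can be caught before the file is loaded. The linter below is an added example, not anything from the original thread or from Extreme Networks; the sample policy it checks is constructed to mirror the posted file, and the brace check and the pure-host-address rule for redirect are assumptions about the policy grammar drawn from the thread.

```python
"""Lint an ExtremeXOS (EXOS) .pol policy file for the two mistakes in this thread:
the .pol suffix used in CLI commands, and a /32 prefix on the redirect address."""
import ipaddress
import re

# Constructed sample (not the poster's exact file): the redirect carries a /32.
SAMPLE_POLICY = """\
##### Redirect default route entry
entry PBR {if match all {
    source-address 192.168.2.0/24;
    destination-address 0.0.0.0/0;
}
then {
    redirect 192.168.2.100/32;
}
}
"""

REDIRECT = re.compile(r"\bredirect\s+(\S+?)\s*;")


def lint_policy(text):
    """Return [(line_no, message), ...] for problems found in the policy text."""
    problems = []
    depth = 0
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # '#' starts a comment in .pol files
        depth += line.count("{") - line.count("}")
        for dest in REDIRECT.findall(line):
            if "/" in dest:  # what the switch reports as: Too many arguments from "/"
                problems.append((line_no, f"redirect takes a host address, drop the prefix: {dest}"))
                continue
            try:
                ipaddress.ip_address(dest)
            except ValueError:
                problems.append((line_no, f"redirect destination is not an IP address: {dest}"))
    if depth != 0:
        problems.append((len(text.splitlines()), f"unbalanced braces (depth {depth} at end of file)"))
    return problems


def cli_policy_name(filename):
    """'check policy' and 'configure access-list' take the name without .pol."""
    return filename[:-4] if filename.endswith(".pol") else filename


def fix_redirect_prefixes(text):
    """Rewrite 'redirect a.b.c.d/32;' to 'redirect a.b.c.d;' so the policy loads."""
    return re.sub(r"(\bredirect\s+\S+?)/32\s*;", r"\1;", text)
```

Run lint_policy on the file before copying it to the switch; an empty list means both reported errors are absent.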