How to create and apply an ACL in EXOS

Information

 
Title
How to create and apply an ACL in EXOS
Objective
Create a policy file and apply it to an interface as an ACL
Environment
  • EXOS All
  • Summit
  • BlackDiamond
Procedure
  • Type vi <POLICY_NAME>.pol to create the policy file
  • In the vi editor, press the i key to enter insert mode.
  • Create the entries in the policy file in the editor. Example syntax is below.
  • Exit insert mode by pressing the Esc key.
  • Save and exit by typing :wq
  • Apply the ACL to an interface with the command configure access-list <POLICY_NAME> [port|vlan] <PORT_NUMBER|VLAN_NAME> [ingress|egress]
Note that not all platforms support egress ACLs. Details can be found in the following article:
What EXOS platforms support egress ACLs?

Syntax example:

 
entry acl_entry{
    if {
        <MATCH_CONDITIONS>
    } then {
        <ACTION_MODIFIERS>
    }
}


Details on match conditions, actions, and action modifiers can be found in the EXOS Concepts Guide.
Additional notes
To count the packets that match a condition, use "count <User-defined-ctr-name>;" as an action modifier.

For example, the entry below will match all traffic with a source IP of 192.168.31.122 and a destination IP of 192.168.32.41. Every packet that hits this ACL will increment the counter:

 
entry one {
    if match all { 
        source-address 192.168.31.122/32 ;
        destination-address 192.168.32.41/32 ;
    } then {
        count test ;
        permit ;
    }
}

To check the ACL counters, use the command: show access-list counter {ingress | egress}
 
* X450G2-48p-10G4.5 # show access-list counter ingress
Policy Name       Vlan Name        Port   Direction
    Counter Name                   Packet Count         Byte Count
==================================================================
test              *                1      ingress
    test                           7
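
An added example, not part of the original article or of Extreme's tooling: a small Python check to run on a policy file off-switch before applying it. It parses the entry syntax shown above and flags entries that have no count modifier, whose hits therefore have no counter to appear in show access-list counter, as well as repeated entry names. The sample policy is constructed (entry two and its 10.0.0.0/8 match are hypothetical), and treating a repeated name as a finding is an assumption of this check.

```python
import re

# Constructed sample policy: the article's counted entry plus an uncounted one.
SAMPLE_POLICY = """
entry one {
    if match all {
        source-address 192.168.31.122/32 ;
        destination-address 192.168.32.41/32 ;
    } then {
        count test ;
        permit ;
    }
}
entry two {
    if {
        source-address 10.0.0.0/8 ;
    } then {
        deny ;
    }
}
"""

# entry <name> { if [match all|any] { conditions } then { actions } }
ENTRY_RE = re.compile(
    r"entry\s+(\S+?)\s*\{\s*if\s*(?:match\s+(?:all|any))?\s*"
    r"\{([^{}]*)\}\s*then\s*\{([^{}]*)\}\s*\}")

def statements(body):
    """Split a block body on ';' and collapse whitespace in each statement."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def parse_policy(text):
    """Return one dict per entry, in file order."""
    entries = []
    for name, conds, acts in ENTRY_RE.findall(text):
        actions = statements(acts)
        counters = [a.split()[1] for a in actions if a.startswith("count ")]
        entries.append({"name": name, "conditions": statements(conds),
                        "actions": actions, "counters": counters})
    return entries

def lint(entries):
    """Flag repeated entry names (an assumption of this check) and uncounted entries."""
    names = [e["name"] for e in entries]
    dupes = sorted({n for n in names if names.count(n) > 1})
    findings = [f"{n}: duplicate entry name" for n in dupes]
    findings += [f"{e['name']}: no count modifier" for e in entries if not e["counters"]]
    return findings
```

Calling lint(parse_policy(text)) on the contents of a .pol file returns a list of findings; an empty list means every entry has a counter and a unique name.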

The Hub has an example ACL that permits DHCP packets:
https://community.extremenetworks.com/extreme/topics/correct-rule-to-allow-dhcp-in-acl-for-a-vlan
