How to create and apply an ACL in EXOS

Create a policy file and apply it to an interface as an ACL
  • EXOS All
  • Summit
  • BlackDiamond
  • Type vi <POLICY_NAME>.pol to create the policy file
  • In the vi editor, press the i key to enter insert mode.
  • Create the entries in the policy file in the editor. Example syntax is below.
  • Exit insert mode by pressing the Esc key.
  • Save and exit by typing :wq
  • Apply the ACL to an interface with the command configure access-list <POLICY_NAME> [port|vlan] <PORT_NUMBER|VLAN_NAME> [ingress|egress] (do not include .pol in the policy name).
Note that not all platforms support egress ACLs. Details can be found in the following article:
What EXOS platforms support egress ACLs?

Syntax example:

entry acl_entry {
    if {
        <match-conditions>;
    } then {
        <action>;
        <action-modifiers>;
    }
}

Details on match conditions, actions, and action modifiers can be found in the EXOS User Guide.
Additional notes
To count the packets that match a condition, use "count <User-defined-ctr-name>;" as an action modifier.

For example, the entry below will match all traffic with a source IP of and a destination IP of Every packet that hits this ACL will increment the counter :

entry one {
    if match all {
        source-address ;
        destination-address ;
    } then {
        count test ;
        permit ;
    }
}

To check the ACL counters, use the command: show access-list counter {ingress | egress}
* X450G2-48p-10G4.5 # show access-list counter ingress
Policy Name       Vlan Name        Port   Direction
    Counter Name                   Packet Count         Byte Count
test              *                1      ingress
    test                           7
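
An offline pre-check for a policy file written with the steps above, as an added example that is not Extreme Networks code: it parses entries in the shape shown in the syntax example and reports unbalanced braces, malformed entry blocks, entries with no explicit permit or deny, and address conditions left without a value. The grammar is a simplified assumption, and lint_policy, the entry text and the documentation-range addresses are constructed for illustration.

```python
import re

# Assumed, simplified grammar (not the full EXOS policy syntax):
#   entry <name> { if [match all|match any] { <cond>; ... } then { <action>; ... } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>[^\s{]+)\s*\{\s*"
    r"if\s*(?:match\s+(?P<mode>all|any)\s*)?\{(?P<conds>[^{}]*)\}\s*"
    r"then\s*\{(?P<acts>[^{}]*)\}\s*\}")
NEEDS_VALUE = {"source-address", "destination-address"}

def statements(body):
    """Split a brace body on ';' and collapse whitespace in each statement."""
    return [" ".join(s.split()) for s in body.split(";") if s.strip()]

def lint_policy(text):
    """Return (entries, problems) for the text of a .pol file."""
    problems = []
    if text.count("{") != text.count("}"):
        problems.append("unbalanced braces")
    entries = []
    for m in ENTRY_RE.finditer(text):
        acts = statements(m["acts"])
        counters = [a.split()[1] for a in acts if a.startswith("count ")]
        entries.append({"name": m["name"], "mode": m["mode"] or "all",
                        "conditions": statements(m["conds"]),
                        "actions": acts, "counters": counters})
    declared = len(re.findall(r"\bentry\s+[^\s{]+", text))
    if declared != len(entries):
        problems.append(f"{declared - len(entries)} malformed entry block(s)")
    for e in entries:
        # Lint preference of this example: state the action explicitly.
        if not {"permit", "deny"} & set(e["actions"]):
            problems.append(f"{e['name']}: no explicit permit or deny")
        for c in e["conditions"]:
            if c in NEEDS_VALUE:
                problems.append(f"{e['name']}: {c} has no value")
    return entries, problems

# Constructed sample: documentation-range addresses, hypothetical names.
GOOD = """entry one {
    if match all {
        source-address 192.0.2.10/32 ;
        destination-address 198.51.100.0/24 ;
    } then {
        count test ;
        permit ;
    }
}"""
# The same entry with a value and both closing braces lost.
BROKEN = GOOD.replace(" 192.0.2.10/32", "").rsplit("}", 2)[0]
```

On the switch, check policy <POLICY_NAME> validates the file against the full syntax before it is applied.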

The HUB link with an example to permit DHCP packets:


