What direction to choose for ACL

Question
In which direction should an ACL be assigned to match the intended traffic?
Environment
  • All Summit WM3000 Series Controllers
  • ExtremeWiNG Controllers
  • WirelessWiNG Controllers
  • ExtremeWiNG Access Points
  • WirelessWiNG Access Points
  • WiNG v5.X Software
Answer
WiNG (Enterprise) supports the usual directions for assigning ACLs: inbound and outbound.

Direction is always taken from the perspective of the interface, not of the bridge / bus node.
The most common examples:
  • Wireless radio – inbound is to DS, outbound is from DS
  • VLAN / GE port – inbound is received from LAN, outbound is sent to LAN
If you are not sure, look at the traffic using the remote-debug command:
 
VX# remote-debug live-pktcap hosts VX interface ge 1
Capturing up to 50 packets from each remote host. Use Ctrl-C to abort
[VX,ge1] 1 13:27:51.499579 I UDP: 192.168.7.225 > 239.255.255.250 ports 57490 > 1900, data length 182, DSCP 0
[VX,ge1] 2 13:27:51.504131 O TCP: 192.168.7.205 > 192.168.7.225 ports 22 > 42804, data length 164, PA, DF, DSCP 4
[VX,ge1] 3 13:27:51.508119 O TCP: 192.168.7.205 > 192.168.7.225 ports 22 > 42804, data length 164, PA, DF, DSCP 4

 
Additional notes
The BRIDGE interface does not distinguish directions; it simply processes all traffic:
 
VX# remote-debug live-pktcap hosts VX bridge
Capturing up to 50 packets from each remote host. Use Ctrl-C to abort
[VX,bridge] 1 13:53:32.641343 ARP: Who has 192.168.7.111? tell 192.168.7.23
[VX,bridge] 2 13:53:32.641430 ARP: 192.168.7.111 is at 00-0C-29-DC-BA-EC
[VX,bridge] 3 13:53:32.644153 TCP: 192.168.7.205 > 192.168.7.225 ports 22 > 42804, data length 196, PA, DF, DSCP 4
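
The following is an added example, not part of the original article or of WiNG: a small parser for saved live-pktcap output that reports the direction in which a flow was seen on an interface, so the ACL can be assigned to match. It assumes the I / O column marks inbound / outbound relative to the captured interface; the function names and the "unmarked" label for bridge lines are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the two captures shown in this article.
SAMPLE = """\
[VX,ge1] 1 13:27:51.499579 I UDP: 192.168.7.225 > 239.255.255.250 ports 57490 > 1900, data length 182, DSCP 0
[VX,ge1] 2 13:27:51.504131 O TCP: 192.168.7.205 > 192.168.7.225 ports 22 > 42804, data length 164, PA, DF, DSCP 4
[VX,bridge] 1 13:53:32.641343 ARP: Who has 192.168.7.111? tell 192.168.7.23
[VX,bridge] 3 13:53:32.644153 TCP: 192.168.7.205 > 192.168.7.225 ports 22 > 42804, data length 196, PA, DF, DSCP 4
"""

# [host,iface] seq time [I|O] PROTO: details  (the I/O flag is absent on bridge captures)
LINE = re.compile(
    r"^\[(?P<host>[^,\]]+),(?P<iface>[^\]]+)\]\s+\d+\s+[\d:.]+\s+"
    r"(?:(?P<flag>[IO])\s+)?(?P<proto>[A-Za-z0-9]+):\s+(?P<rest>.*)$"
)
FLOW = re.compile(r"^(?P<src>\S+) > (?P<dst>\S+)(?: ports (?P<sport>\d+) > (?P<dport>\d+))?")
# Assumption: I = inbound, O = outbound, as seen from the captured interface.
DIRECTION = {"I": "inbound", "O": "outbound", None: "unmarked"}

def parse(text):
    """Turn capture lines into dicts; banner and unrecognised lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        flow = FLOW.match(rec.pop("rest"))  # ARP lines carry no "src > dst" pair
        rec.update(flow.groupdict() if flow else dict.fromkeys(("src", "dst", "sport", "dport")))
        rec["direction"] = DIRECTION[rec.pop("flag")]
        records.append(rec)
    return records

def directions_for(records, iface, src, dst):
    """Directions in which the src > dst flow was observed on one interface."""
    return {r["direction"] for r in records
            if r["iface"] == iface and r["src"] == src and r["dst"] == dst}

def summary(records):
    """Packet count per interface and direction."""
    counts = defaultdict(lambda: defaultdict(int))
    for r in records:
        counts[r["iface"]][r["direction"]] += 1
    return {iface: dict(by_dir) for iface, by_dir in counts.items()}

if __name__ == "__main__":
    print(summary(parse(SAMPLE)))
```

A flow that comes back as "unmarked" was captured on the bridge, where no direction applies; capture on the specific interface instead to decide between inbound and outbound.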

 
