ACL in EXOS to allow only specific traffic egressing a port

Symptoms
In a multicast environment with IGMP snooping disabled, unnecessary traffic can be flooded out of the port connected to the video recording devices.
This can lead to congestion on the port and eventually to packet drops and intermittent recording issues.
Environment
Summit and BlackDiamond series (models that support egress ACLs)
EXOS all

 
Cause
With a high volume of multicast traffic in the VLAN and IGMP snooping disabled, the traffic is flooded out of the port.
This is expected behavior.
Resolution
If the hardware supports egress ACLs, the following ACL can be used as a workaround.
Egress ACL supported platforms:

BlackDiamond X8 series switches, BlackDiamond 8000 c-, xl-, xm-series
modules, E4G-200 and E4G-400 switches, and Summit X460, X460-G2,
X480, X670, X670-G2, and X770 switches only.
 
entry test {
    if match all {
        # IP and subnet of the required traffic
        destination-address xx.xx.xx.xx/xx;
    }
    then {
        permit;
        count permitted;
    }
}

entry test1 {
    if match all {
        # Deny the rest of the multicast traffic
        destination-address xx.xx.xx.xx/xx;
    }
    then {
        deny;
        count denied;
    }
}

configure access-list <acl_name> port <port numbers> egress
Refer to the article linked below to learn how to create and apply an ACL in EXOS.
How to create and apply an ACL in EXOS
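
The following is an added example, not part of the original article or of EXOS: a small Python model of the two-entry policy above, for checking which destination addresses it would permit or deny before the ACL is applied. The prefixes 239.1.1.0/24 and 224.0.0.0/4 and the sample addresses are constructed, and the model assumes first-match evaluation with unmatched packets permitted.

```python
import ipaddress

# Constructed values: the article leaves both prefixes as xx.xx.xx.xx/xx.
POLICY = [
    ("test", "239.1.1.0/24", "permit"),  # assumed range of the required streams
    ("test1", "224.0.0.0/4", "deny"),    # the whole IPv4 multicast range
]


def evaluate(policy, dst):
    """Return (entry, action) for the first entry whose prefix contains dst.

    Assumption: entries are checked top to bottom, and a packet that
    matches no entry is permitted.
    """
    addr = ipaddress.ip_address(dst)
    for name, prefix, action in policy:
        if addr in ipaddress.ip_network(prefix):
            return name, action
    return "<no match>", "permit"


def shadowed(policy):
    """Names of entries that can never match because an earlier entry's
    prefix already covers their whole prefix (an ordering mistake)."""
    nets = [(name, ipaddress.ip_network(prefix)) for name, prefix, _ in policy]
    hidden = []
    for i, (name, net) in enumerate(nets):
        if any(net.subnet_of(earlier) for _, earlier in nets[:i]):
            hidden.append(name)
    return hidden


if __name__ == "__main__":
    # Constructed sample destinations: a required stream, an unwanted
    # multicast group, and a unicast host.
    for dst in ("239.1.1.10", "239.2.2.2", "10.0.0.5"):
        print(dst, *evaluate(POLICY, dst))
    print("shadowed entries:", shadowed(POLICY))
    # Putting the broad deny first hides the permit entry completely.
    print("shadowed if reversed:", shadowed(list(reversed(POLICY))))
```

If the deny entry is placed before the permit entry, `shadowed` reports `test`, meaning the required streams would be dropped together with the rest of the multicast traffic.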

 